Audit 373683

Significant deficiency in internal control over compliance related to subrecipient monitoring. Federal Agency: U.S. Department of Commerce ‐ The National Telecommunications and Information Administration Program Title: Public Wireless Supply Chain Innovation Fund Grant Program Assistance Listing Number: 11.038 Project Number: 06-60-IF008 Award Period: December 1, 2023 - November 30, 2025 Criteria Requirements contained in Title 2 U.S. Code of Federal Regulations (CFR) 200 Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), Subpart D require a pass-through entity to establish compliance policies to ensure subrecipients comply with requirements under the award including the evaluation of each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of such agreements, as well as, reviewing the results of a subrecipient’s annual Single Audit if one is required. Cause Open Networking Organization does not have a formal subrecipient monitoring policy, including requirements for the retention of a documented subrecipient risk assessment and documented review of subrecipient Single Audit reports. Effect or Potential Effect For the one subrecipient selected for testing, the Organization could not produce documentation of the required subrecipient risk assessment nor documented review of the subrecipient’s Single Audit report. Questioned Costs Not applicable. Repeat Finding No Recommendation We recommend that management develop and formalize a subrecipient monitoring policy in accordance with 2 CFR Part 200, including use of a documented subrecipient risk assessment and documented review of subrecipient Single Audit reports. Views of Responsible Officials Management concurs with the finding and has provided the accompanying management corrective action plan.

Significant deficiency in internal control over compliance with procurement procedures meeting the requirements of 2 CFR Part 200. Federal Agency: U.S. Department of Commerce ‐ The National Telecommunications and Information Administration Program Title: Public Wireless Supply Chain Innovation Fund Grant Program Assistance Listing Number: 11.038 Project Number: 06-60-IF008 Award Period: December 1, 2023 - November 30, 2025 Criteria Requirements contained in Title 2 U.S. Code of Federal Regulations Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards (Uniform Guidance), Subpart D ‐ Post Federal Award Requirements, Section 200.318 through 200.326 Internal Controls, require that a nonfederal entity establish a written procurement policy which conforms. Among other requirements, the written procurement policy must identify formal and informal procurement actions to be taken based on the size of the procurement covering both goods and services. Cause Open Networking Foundation’s written procurement policy did not cover all requirements outlined in the Uniform Guidance procurement standards. Missing elements of the written procurement policy consisted of: - Micro purchase threshold is not explicitly defined, although it is mentioned that cost and price analysis shall be made and documented in connection with every procurement action above $2,500. - The policy does not have clear provisions for maintaining detailed procurement records related to services. Such records should include the rationale for the procurement method, the selection of contract type, the contractor selection or rejection process, and the basis for the contract price. - The simplified acquisition threshold is not defined and does not incorporate all relevant elements including sealed bids method. Effect or Potential Effect The absence of a policy that fully conforms to the Uniform Guidance could result in noncompliance issues including the lack of records sufficient to detail the history of a procurement transaction. Questioned Costs Not applicable. Repeat Finding No Recommendation We recommend Open Networking Foundation implement measures to ensure that its procurement policy conforms to procurement standards outlined in 2 CFR Part 200. Management should ensure procurement transactions are documented in such detail to evidence the method of procurement use and vendor verification for suspension and debarment. Views of Responsible Officials Management concurs with the finding and has provided the accompanying management corrective action plan.