2023-002 – Procurement, Suspension, and Debarment Program: ALN# 47.070 = Computer and Information Science and Engineering Federal Agency: National Science Foundation Federal Award Identification Number(s): 2216614, 2122756 Period: Year Ended December 31, 2023 Criteria: Under 2 CFR 200.319, and 2 CFR 200.320, non-federal entities must maintain written procurement policies and internal controls to ensure compliance with Federal requirements, including suspension and debarment checks. Under 2 CFR 200.214, non-federal entities must not enter into contracts with parties that are suspended or debarred. Condition: During our review of procurement policies, we noted that the Organization did not have written procedures addressing procurement suspension and debarment requirements and the Organization was unable to furnish documentation that procurement, suspension, and debarment procedures took place for all contracts selected for testing. Cause: The Organization has not developed formal written procurement, suspension, and debarment policies and procedures. Effect: Without written polices and procedures, the Organization is at increased risk of: • Failing to verify vendor eligibility. • Contracting with suspended or debarred entities. • Procurements conducted in a manner that fails to provide full and open competition. Questioned Costs: No questioned costs identified. Context: This sample was not intended to be, and was not, a statistically valid sample. Repeat Finding: No Recommendation: We recommend that the Organization: • Develop and implement written procurement policies that clearly outline procedures for suspension and debarment verification. • Require and document evidence of compliance for all covered procurement transactions • Train staff on the updated procedures. • Periodically review procurement files to ensure consistent adherence. Views of Responsible Officials: See management corrective action plan attached.
2023-003 – Lack of Documented Approval for Payroll Transactions Program: ALN# 47.070 = Computer and Information Science and Engineering Federal Agency: National Science Foundation Federal Award Identification Number(s): 2216614, 2122756 Period: Year Ended December 31, 2023 Criteria: Under 2 CFR § 200.430, charges to Federal awards for salaries and wages must be based on records that accurately reflect the work performed and must be supported by a system of internal control that provides reasonable assurance that the charges are accurate, allowable, and properly allocated. Condition: During testing of payroll expenditures, the Organization was unable to provide documentation demonstrating supervisory approval for 7 of the 40 payroll transactions sampled. While payroll amounts appeared consistent with employee job description, pay rates, and timesheets, the required evidence of review and approval (e.g., approved timesheets, electronic timekeeping approval logs, or supervisor sign-offs) was not available for these items. Cause: The Organization’s existing payroll approval process is not consistently followed. Management reported that supervisory approval of employee hours is performed, but documentation is not always retained due to inconsistent use of the timekeeping system. Effect: Failure to maintain proper documentation of payroll approvals increased the risk that payroll costs charged to Federal programs may be unallowable or inaccurately allocated and unauthorized or incorrect payroll charges may go undetected. Questioned Costs: No questioned costs identified. Context: This sample was not intended to be, and was not, a statistically valid sample. Repeat Finding: No Recommendation: We recommend that the Organization: • Strengthen internal controls to ensure that all payroll transactions include documented supervisory approval prior to processing. • Ensure consistent use of the approved timekeeping system and require management to complete standardized approvals. • Implement periodic monitoring of payroll records to verify compliance with the approval process. Views of Responsible Officials: See management corrective action plan attached.
2023-004 – Subrecipient Monitoring Program: ALN# 47.070 = Computer and Information Science and Engineering Grant #: 2216614, 2122756, Grant Period: Year Ended December 31, 2023 Government Agency: National Science Foundation Criteria: Per 2 CFR 200.331–200.332, pass-through entities must: • Evaluate each subrecipient’s risk of noncompliance to determine appropriate monitoring. • Monitor subrecipient activities to ensure compliance with Federal statutes, regulations, and program requirements, including reviewing financial and performance reports. • Verify subrecipients have audits as required under Subpart F. • Issue management decisions on subrecipient audit findings. • Maintain documentation of monitoring activities. Condition: During our testing of subrecipient monitoring, we noted that the Organization did not document required monitoring procedures for the subrecipients selected for testing. Specifically: • No documented risk assessments were performed prior to awarding funds. • The Organization did not obtain or review subrecipient Single Audit reports or written assurances of audit compliance. • Subrecipient agreements did not consistently include all required elements under 2 CFR 200.332(a). Informal monitoring was performed, but not to the level required by the Uniform Guidance. Cause: The Organization does not have adequate internal controls or documented procedures to ensure all required subrecipient monitoring tasks are consistently completed and retained. Personnel indicated that monitoring controls are informal and not centralized. Effect: Failure to perform required subrecipient monitoring increases the risk that Federal funds may be misused, unallowable, or spent in violation of program requirements without detection. Questioned Costs: No questioned costs identified. Context: This sample was not intended to be, and was not, a statistically valid sample. Repeat Finding: No Recommendation: We recommend that the Organization: • Develop and implement formalized subrecipient monitoring policies and procedures aligned with 2 CFR 200.332. • Perform and document risk assessments for all subrecipients. • Obtain and review Single Audit reports, as applicable, and issue written management decisions. • Conduct and document ongoing monitoring activities (e.g., financial/performance report reviews, site visits). • Maintain complete monitoring documentation in a centralized and accessible location. Views of Responsible Officials: See management corrective action plan attached.
2023-005 – Reporting Program: ALN# 47.070 = Computer and Information Science and Engineering Grant #: 2216614, 2122756, Grant Period: Year Ended December 31, 2023 Government Agency: National Science Foundation Criteria: Under 2 CFR 200.301 and 2 CFR 200.328, non-Federal entities must maintain documentation sufficient to demonstrate compliance with Federal reporting requirements, including performance and financial reporting. Per the requirements contained in 2 CFR 200.512 (a), the auditee is responsible for submitting the data collection form and the reporting package, including the auditors’ reports, within the earlier of 30 days after receipt of the auditors’ report or nine months after the end of the audit period to the federal audit clearinghouse. Condition: The Organization was unable to provide supporting documentation for the reports submitted to the Federal agency. Specifically, the Organization did not retain copies of the financial and performance reports, nor did it maintain documentation evidencing the data used to prepare those reports. The audit package and data collection form were not submitted to the Federal Audit Clearinghouse for the reporting year December 31, 2023 within nine months after the end of the audit period. Cause: The Organization’s document retention procedures are not sufficiently designed or implemented to ensure that required reporting documentation is retained in accordance with the Uniform Guidance. Account analyses were not performed in a timely manner throughout the year and this led to delays in the start of the audit process. Effect: The lack of adequate documentation increases the risk that: • Reports submitted to the funding agency may be inaccurate or incomplete. • Reporting errors may go undetected. • The Organization may be found noncompliance with Federal record retention requirements. The Organization is deficient in its submission of the required audit reporting package and data collection form. As such, the Organization is noncompliant with the reporting requirements. Questioned Costs: No questioned costs identified. Context: This sample was not intended to be, and was not, a statistically valid sample. Repeat Finding: No Recommendation: We recommend that the Organization implement appropriate policies, procedures and controls to ensure that records are maintained in accordance with the applicable compliance requirements and to ensure that future submissions of the Uniform Guidance reports are filed timely. Views of Responsible Officials: See management corrective action plan attached.