2025-007 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Child and Adult Care Food Program. Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program Federal Grantor Name: U.S. Department of Agriculture Federal Award/Contract Number: 247WAWA3N1199;247WAWA3N1099; 247WAWA3N2020;247WAWA4N1150; 247WAWA4N1050;257WAWA3N1199; 257WAWA3N1099;257WAWA3N2020; 257WAWA4N1150; Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-004 Background The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities. In Washington, the Office of Superintendent of Public Instruction administers CACFP. The Office spent about $48.2 million in federal funds, more than $47.4 million of which it paid to subrecipients. The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center. Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient's unique entity identifier, the Federal Award Identification Number, name of the federal awarding agency, the program's Assistance Listing Number and title, obligation amounts, project periods and more. When some of this information is not available, the pass-through entity must provide the best information available to describe the federal award and subaward. In addition, pass-through entities must impose requirements on subrecipients so that they use the program funds in accordance with federal statutes, regulations, and the federal award's terms and conditions. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the program. The prior finding numbers were 2023-003 and 2024-004. Description of Condition The Office did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the CACFP. We identified 430 subrecipients of the program who were paid with federal funds during fiscal year 2025 and were subject to the Uniform Guidance requirements. We examined the various methods that the Office used to communicate the required federal award identification elements to subrecipients. These methods included periodic permanent agreements, an annual application process, and an award letter that was sent to each subrecipient. We found that the Department did not properly communicate, in a timely manner, all federal award elements, terms and conditions, and other federal award requirements to all 430 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Although the Office developed new tools and written procedures in response to the prior year’s finding, these improvements were not fully implemented in a timely manner during the audit period. Effect of Condition Without proper identification and communication of the federal award, the Office cannot properly notify subrecipients about the required federal award elements, nor impose requirements so the subrecipients use the federal award in accordance with its terms and conditions, federal statutes, and regulations. Further, the Office cannot impose any additional requirements of the pass-through entity on the subrecipient to meet its own responsibilities to the federal awarding agency, as well as other requirements as specified in the Uniform Guidance. Recommendation We recommend the Office strengthen policies and procedures to ensure subawards are clearly identified as a subaward and communicate all required information according to the Uniform Guidance. Office’s Response The OPSI/CNS Office concurs with the finding, CACFP– Subrecipient Monitoring Fed ID Elements. Auditor’s Remarks We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to establish, document, and maintain effective internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200 Uniform Guidance, Section 332, Requirements for pass-through entities, establishes the requirements for pass-through entities. Title 2 CFR Part 200, Uniform Guidance, Section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-008 The Department of Social and Health Services did not have adequate internal controls to ensure payments were allowable and made only to eligible beneficiaries for the Summer Electronic Benefits Transfer Program for Children. Assistance Listing Number and Title: 10.646 Summer Electronic Benefits Transfer Program for Children Federal Grantor Name: U.S. Department of Agriculture Federal Award/Contract Number: 202424N117547; 202424N117547-001; 202424N117547-002, 202525N117547; 202525N117547-001; 202525N117547-002; 202424N180347; 202424N180347-001; 202424N180347-002; 202524N180347; 202524N180347-001; 202524N180347-002; 202524N180347-003; Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Eligibility Known Questioned Cost Amount: $55,454 Prior Year Audit Finding: No Background The Summer Electronic Benefits Transfer (Summer EBT) Program for Children is a federally funded nutrition assistance program administered by the U.S. Department of Agriculture to provide food benefits to eligible children during the summer months when school is not in session. The program is funded through multiple federal grant awards that include both benefit funding and administrative funding. In Washington state, the Department of Social and Health Services (Department) administers the Summer EBT Program as the lead agency for the State, in coordination with the Office of Superintendent of Public Instruction (OSPI) as the partnering agency for the State. The Department is responsible for determining eligibility of recipients to receive Summer EBT benefits, as well as financial management, accounting and federal reporting for the program, while OSPI is responsible for coordinating the automatic enrollment of children who are individually certified for free or reduced-price meals through the National School Lunch Program (NSLP) and School Breakfast Programs (SBP) and are enrolled in a participating school. In fiscal year 2025, the Summer EBT Program issued about $76 million in EBT benefits to more than 631,000 participants in Washington state. Individuals can be eligible to receive Summer EBT benefits through multiple pathways, including streamlined eligibility based on their participation in programs such as Supplemental Nutrition Assistance (SNAP) or Temporary Assistance for Needy Families (TANF). Individuals may also qualify for assistance through a direct certification method if they are enrolled in the state’s Medicaid programs. Additionally, an individual is eligible if enrolled in a school participating in the Community Eligibility Provision offering free or reduced-price meals to all children, or submits a direct application to the Department, and meets the following eligibility requirements: The individual lives in a household with total income that is at, or below 185 percent of the Federal Poverty Level; and The individual meets the compulsory school age set by Washington State (age eight to eighteen years old) at any point during the immediately preceding instructional year. According to the Department’s rules for the program, school aged children are defined as those between ages eight and eighteen years old at any point during the instructional year, which is the period from July 1 through the last day of the summer operational period. The summer operational period is defined as the period of time between the end of the child’s current school year and the start of the next school year. Children determined eligible to receive a benefit during the program operational period may receive a one-time $120 benefit payment, which is available for a period of 122 days from the date of deposit before they can be expunged from the participant’s account. Children referred for the program by OSPI are eligible between the ages of one and eighteen, if their school participates in the National School Lunch Program or School Breakfast Programs, and offers free or reduced-price meals throughout the school year. The Department entered into a contract with a third-party vendor to develop and maintain an application portal to solicit applications for Summer EBT benefits. The contractor transmits approved applications directly to the state’s third-party EBT processor to issue Summer EBT benefits to participants directly through EBT cards (called SUN Bucks cards) sent through the mail. Participants receive written instructions along with their SUN Bucks card to activate their benefits with the EBT processor before the card can be used for food purchases. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls to ensure payments were allowable and made only to eligible beneficiaries for the Summer EBT program. We found the Department did not obtain or review data from its third-party contractor detailing all participants determined eligible during the audit period. We requested a population of all applicants determined eligible to receive benefits during the audit period to test whether the participants determined eligible to receive benefits met the criteria as required by federal law and Department rules. We identified 28 participants who did not meet the applicable school age requirements, and were age 19, or older, prior to the start of the operational period, representing $3,360 in Summer EBT benefits that were improperly issued to the participants EBT accounts. We also identified 2,416 improper issuances of benefits, totaling $289,920 that the Department confirmed with OSPI to be improperly issued. The Department informed our Office that it did not inquire with the grantor to determine if the federal share of these improper issuances should have been returned. We consider these internal control deficiencies to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition The Department did not monitor eligibility determinations made by its third-party contractor, and did not request data to support the eligibility determinations made by the contractor to ensure participants were correctly determined to be eligible to receive benefits. Instead, the Department relied on its review of the third-party contractor’s applicant screening procedures to prevent any unauthorized benefits from being awarded. Additionally, the Department only followed up on potential improper payments that were identified by OSPI and did not implement effective internal controls to ensure all benefits awarded to participants were allowable. The Department also provided our Office with reports it received from the third-party contractor that summarized duplicate payments identified for beneficiaries that were reported multiple times by participating school districts, resulting in improper issuances of EBT benefits, as well as beneficiaries that were later identified by participating school districts as ineligible. The Department did not correctly interpret the federal requirements to report these improper benefit payments to the federal grantor. Effect of Condition and Questioned Costs In total, the Department improperly awarded $293,280 to ineligible participants who did not meet the minimum compulsory school age requirements or were otherwise ineligible as defined by the Department in regulations. Of that amount, we found the Department paid $55,454 to ineligible participants which were not recovered or returned to the federal grantor. The Department deactivated the remaining amount of $237,826 in improper issuances before they could be spent. The summary table below outlines the questioned costs identified during our audit: Issue Category Improper Payment Amount Benefits paid on behalf of participants determined ineligible $52,842 Benefits paid for participants age 19 and older (prior to the start of the instructional period) $2,612 Total known questioned costs $55,454 We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: Establish internal controls to ensure all participants awarded benefits under the program meet eligibility criteria Improve internal controls to ensure any improper payments identified are documented Retain supporting documentation to demonstrate that all participants receiving benefits under the program are eligible Monitor its third-party contractor to ensure eligibility determinations are accurate and in accordance with state and federal requirements Consult with the grantor to determine if the questioned costs identified in the audit should be repaid Department’s Response The Department concurs with the auditor’s findings. The improper payments identified resulted from challenges of implementing a new program in its first year. Errors occurred when school and DSHS users migrated data into new templates, leading to the inclusion of ineligible students and inaccurate dates of birth. The Department agrees that thorough data validation prior to issuance would have better identified systemic issues related to age and enrollment. Upon discovery, the Department promptly expunged ineligible issuances to limit the state’s liability. We did not process overpayments on spent benefits based on 7 CFR 292.27(c)(2), “To the maximum extent practicable, Summer EBT agencies should limit claims against households to situations where there is evidence that the household knowingly obtained benefits through fraudulent activities.” In addition, our approved state plan with the federal grantor states the Department will not process overpayments for improper benefits unless there is evidence of fraud. To strengthen our internal controls, the Department’s Community Services Division (CSD) will: Implement a mandatory data reconciliation process. The contractor must provide full participant datasets, including dates of birth and eligibility status, to CSD for review and approval prior to benefit issuance. Implement an age review process to address questionable data before submission to the contractor. Request a system enhancement to automatically flag participants under age 1 or over age 22 for further review. Update the contract with the contractor to include specific reporting requirements for duplicate issuances and ineligible participant flags. Request the Electronic Benefits Transfer (EBT) vendor create a standard monthly report to show expenditures and expired benefits by client. If the grantor contacts the Department regarding the questioned costs identified in this finding, the Department will consult with the grantor to determine whether repayment is required. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs. Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs. Title 2 CFR Part 210, National School Lunch Program, section 2, Definitions, establishes definition of “child”. Title 2 CFR Part 210, National School Lunch Program, section 10, Meal requirements for lunches and requirements for afterschool snacks, establishes the meal requirements for schools to offer lunch and afterschool snacks to eligible children. Title 7 CFR Part 292, Summer Electronic Benefits Transfer Program, Subpart B – Eligibility Standards and Criteria, section 6, Eligibility, establishes the eligibility requirements for children to receive benefits through the program. Washington Administrative Code (WAC) Section 388-487-0010 What is the sun bucks program?, states in part: The sun bucks program is the summer electronic benefits transfer program that provides a one-time food benefit to eligible children during designated summer periods following an academic school year. The following definitions apply to this program: 1.Categorically eligible means a school age child, as defined in this section, who automatically qualifies for sun bucks because they are: a.A member of a household receiving the supplemental nutrition assistance program (SNAP) or temporary assistance for needy families (TANF); or b.A foster child, homeless child, migrant child, head start child, or runaway child; as defined in the Richard B. Russell act. 2.“CEP or provision 2 school” means a community eligibility provision or provision 2 school that provides free or reduced-price meals to all children regardless of meeting income eligibility guidelines. 3.“CNEEB” means a child nutrition eligibility and education benefit application for free or reduced-price meals, including sun bucks, submitted by a household for a child or children enrolled at a school that participates in NSLP/SBP. 4.“Department” means the department of social and health services. 5.“Direct certification” means automatic eligibility for free or reduced-price meals based on documentation provided by the department that a child is categorically eligible as defined in this section. 9.“Free or reduced-price meals” means meals provided to students qualified as eligible by the Richard B. Russell national school lunch act. 12.Instructional year” means the period from July 1 of the prior year through one day prior to the summer operational period. 13.“NSLP/SBP” means the national school lunch program established under the Richard B. Russell national school lunch act and the school breakfast program established under the child nutrition act. 14.“Period of eligibility” means the period of time from the first day of the instructional year immediately preceding the summer operational period, through the last day of the summer operational period. 15.“School-aged” means the age children are required to attend school as defined by state law; in Washington state this is age eight to 18 years old. 16.“Streamline certified” means automatically enrolling an eligible child for sun bucks without need for further application or confirmation of school enrollment. 17.“Summer operational period” means the period between the end of the current school year and the start of the next school year, as determined by the state. 18.“Sun bucks application” means an application available to households with potentially eligible children who do not automatically meet streamline certification criteria. 19.“Sun bucks card” means the unique EBT card that accesses sun bucks food benefits issued to individual eligible children. Washington Administrative Code (WAC) 388-487-0020 Is my child eligible for sun bucks?, states in part: 1.To be streamline certified for sun bucks benefits, a child must be: a.School-aged and categorically eligible; b.Enrolled in a school that participates in the NSLP/SBP; and i.Attends a school that does not operate the CEP or provision 2 program and determined by the school to be individually eligible for free or reduced-price meals; or ii.Attends a school that operates the CEP or provision 2 program and eligible for free or reduced-price meals using direct certification. 2.For children who are not streamline certified, an adult household member must submit either a sun bucks application to the department or a CNEEB application to the child’s school during the period of eligibility and the child must be: a.Enrolled at a school that participates in the NSLP/SBP; and b.A member of a household that meets income eligibility guidelines for free or reduced-price school meals. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-009 The Department of Social and Health Services did not have adequate internal controls over financial reporting for the Summer Electronic Benefits Transfer Program for Children. Assistance Listing Number and Title: 10.646 Summer Electronic Benefits Transfer Program for Children Federal Grantor Name: U.S. Department of Agriculture Federal Award/Contract Number: 202424N117547; 202424N117547-001; 202424N117547-002, 202525N117547; 202525N117547-001; 202525N117547-002; 202424N180347; 202424N180347-001; 202424N180347-002; 202524N180347; 202524N180347-001; 202524N180347-002; 202524N180347-003; Pass-through Entity Name: None Pass-through Award/Contract Number: None Known Questioned Cost Amount: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Summer Electronic Benefits Transfer (Summer EBT) Program is a federally funded nutrition assistance program administered by the U.S. Department of Agriculture to provide food benefits to eligible children during the summer months when school is not in session. The program is funded through multiple federal grant awards that include both benefit funding and administrative funding. In Washington state, the Department of Social and Health Services administers the Summer EBT Program as the lead agency for the State, in coordination with the Office of Superintendent of Public Instruction (OSPI) as the partnering agency for the State. The Department is responsible for determining eligibility of recipients to receive Summer EBT benefits, as well as financial management, accounting and federal reporting for the program, while OSPI supports program operations by providing education-related data to the Department’s third-party contractor to identify participants from the state’s National School Lunch and School Breakfast Programs that may be eligible for Summer EBT benefits. As a condition of receiving federal funding, the Department is required to comply with federal financial reporting requirements. These include submitting quarterly financial reports (SF-425) that contain information on award receipts, cumulative federal expenditures, state share of program costs, indirect costs and unobligated balances for the reporting period. The grantor uses these reports to monitor program expenditures, ensure recipient compliance with grant requirements and support federal oversight of program funds. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over financial reporting for the Summer EBT program. We used a nonstatistical sampling method to randomly select and examine four out of a total population of six financial reports submitted by the Department. We found the Department did not have documentation to demonstrate that a second employee reviewed and approved two of the reports (50%) before the Department submitted them to the grantor. We consider this internal control deficiency to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition Management did not ensure a second employee consistently reviewed the reports for accuracy and certified them before submitting them to the federal grantor. The Department stated it lacked adequate staffing during the audit period, which resulted in periods of limited capacity for accounting staff to review reports before they were due. The Department also stated that it conducted preliminary reviews of the reports informally, but that it did not have documentation to demonstrate these reviews occurred. Effect of Condition By not properly reviewing the SF-425 report, the Department risks inaccurate reporting and cannot reasonably ensure that the expenditures and cash receipts reported to the grantor are complete and accurate. Accurate, complete and timely reporting is critical for the grantor to ensure that federal funds are properly accounted for, expenditures align with approved grant budgets, and that required matching contributions are being met. Recommendation We recommend the Department strengthen internal controls to ensure a supervisor reviewed and approved the SF-425 reports before certification. Department’s Response The Department concurs with the auditor’s finding. The Department maintains that both instances were anomalies that occurred during a staffing transition within the Division of Finance and Financial Resources. During a departing employee’s final week, the reviewing/approving manager performed a live review of the reporting entries via a Teams screen share. While the manager provided verbal approval and later documented the review, the formal documentation was finalized after the report had already been submitted to the grantor. The second instance occurred during the interim period between the employee’s departure and the start of their replacement. Due to concurrent staff leave and limited resources in the accounting unit, the designated reviewer/approver completed all report tasks personally. In both instances, the reports were complete, accurate and submitted timely. To strengthen the Department’s internal controls, we will update procedures to designate a backup reviewer/approver. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to establish, document, and maintain effective internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-011 The Employment Security Department did not have adequate internal controls over the 2208A reporting requirements for the Unemployment Insurance program. Assistance Listing Number and Title: 17.225 Unemployment Insurance 17.225 COVID-19 Unemployment Insurance Federal Grantor Name: U.S. Department of Labor Federal Award/Contract Number: 25A55UI000109-01; 24A55UI000032-01; 23A03UI039355-01; 25A55UT000068-01; 24A55UT000030-01; 24A55UI039303-01; UI372562255A53-01 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits to unemployed workers under the Unemployment Compensation program for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2025, the Department paid more than $2.2 billion in unemployment insurance benefits to people in Washington. The Unemployment Insurance Handbook No. 336 – published by the U.S. Department of Labor, Employment and Training Administration (ETA), Office of Unemployment Insurance – outlines the requirements for states to submit performance measures for UI programs to the federal government so it can evaluate their programs. The ETA 2208A – Quarterly UI Above-Base Report is a quarterly report of the staff years worked (SYW) and staff years paid (SYP) by program category and provides the basis for determining above-base entitlements. The report is cumulative, starting each federal fiscal year. Reports are due 30 days after the end of the reporting quarter. The Department prepares ETA 2208A reports using budget information from the state’s Agency Financial Reporting System (AFRS), and the Department’s central budget office reviews and approves the report quarterly. The key line items in the report include: Line One – Claims Activities: Reports the number of staff years for claims activities including initial claims, weeks claimed, eligibility reviews, nonmonetary determinations, appeals and multi-claimant service. Line Two – Employer Activities: Reports the number of staff years for employer activities including wage records, tax and tax travel. Line Three – UI Performs: Reports the number of staff years for UI Performs activities, less UI performs administrative staff and technical services (AS&T). Line Four – Support/AS&T: Reports staff years for support activities for the UI and Trade programs. Line Five – Trade Claims Activities: Reports staff years for claims activities under the Trade Adjustment Assistance provisions and North American Free Trade Agreement program. Line Six – Other: Reports the staff years for special funded activities not included in lines one through five. Line Seven – Total Staff Hours: Reports the year-to-date totals (YTD) from Lines one through six. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over the 2208A reporting requirements for the UI program. During the audit period, the Department was required to submit four quarterly reports that report on the SYW and SYP. We tested all four reports the Department submitted and we identified three carried over the incorrect amounts for lines five, six and seven. Specifically: In the quarter ending December 2024, the Department misstated Line Six – Other for both SYW and SYP by 1.21 years, which carried over to the YTD and Line Seven – Total Staff Years. In the quarter ending March 2025, the Department carried over the incorrect YTD totals from Line Six – Other and Line Seven – Total Staff Years. We identified the Department understated the SYW and SYP amounts by 0.55 years. In the quarter ending June 2025, the Department misstated the following: oLine 3 – UI Performs for SYW, SYP and YTD hours, causing an understatement of 62.07 for all three categories oLine Five – Trade Claims Activities for SYW, SYP, and YTD hours, causing an understatement of 17.89 for all three categories oLine Six – Other for SYW, SYP and YTD years, causing an overstatement of 60.95 for all three categories We consider these internal control deficiencies to be a significant deficiency. This issue was not reported as a finding in the prior audit. Cause of Condition Management did not adequately review complete source documentation before certifying the reports to ensure it correctly reported all labor totals. In addition, the Department did not retain all supporting documentation to demonstrate how it calculated the amounts it reported when carrying forward staff totals from prior quarters. Effect of Condition and Questioned Costs When management does not follow the Department’s established internal controls to ensure all required reports are accurate, the Department is at an increased risk of inaccurately reporting data to the federal grantor. Recommendation We recommend the Department improve internal controls to ensure management properly reviews all required fields in the reports before it submits them to the federal grantor. Department’s Response ESD thanks the Office of the State Auditor for its work to ensure federal reports are accurate. The Department notified our federal grantor when we became aware of the issue and submitted a corrected report for the period in question. The Department has updated internal processes to review and retain all support documentation for the required reports. The Department has implemented a new process to run a cumulative report to provide further backup and detect variances throughout the fiscal year. The Department noted at the time there is no dollar impact for this report. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to establish, document, and maintain effective internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200,Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Office of Management and Budget, 2 CFR Part 200, Appendix XI, Compliance Supplement, Unemployment Insurance, states in part: L. Reporting 3. Special Reporting ETA 2208A, Quarterly UI Above-Base Report (OMB No. 1205-0132) – Quarterly report of staff years worked and paid by program category. Key line items are one through seven of Section A. The auditor is not expected to test sections B through E. Detailed information on this report can be found at: Appendix III of ET Handbook 336, 18th Edition, Change 4
2025-012 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the Unemployment Insurance program to identify people likely to need reemployment services and ensure reports are reviewed before submission to the federal government. Assistance Listing Number and Title: 17.225 Unemployment Insurance 17.225 COVID-19 Unemployment Insurance Federal Grantor Name: U.S. Department of Labor Federal Award/Contract Number: 25A55UI000109-01;24A55UI000032-01; 23A03UI039355-01;25A55UT000068-01; 24A55UT000030-01; 24A55UI039303-01; UI372562255A53-01 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions – UI Reemployment programs: Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA) Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-009 Background The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2025, the Department paid more than $2.2 billion in unemployment insurance benefits to people in Washington. The Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA) programs serve as the primary programs that facilitate the reemployment of UI claimants. RESEA is authorized by Section 306 of the Social Security Act, and it uses an evidence-based integrated approach that combines an assessment for continuing UI eligibility and the provision of reemployment services. The Department uses a RESEA program to satisfy the WPRS mandate in accordance with federal requirements, and its program design is documented in the RESEA State Plan approved by the U.S. Department of Labor. According to the Department’s RESEA State Plan, the agency profiles unemployment claimants using a scoring model that is built into its Unemployment Tax and Benefit (UTAB) system to identify claimants who are likely to exhaust benefits and need job search assistance to obtain new employment. The profiling model must statistically combine information on the person’s work industry, occupation, education level, county of residence, and other personal characteristics, including veteran and union status, and labor market characteristics to generate a numerical score indicating their likelihood of exhausting regular unemployment benefits before finding work. The claimants are to be ranked in a queue based on their individual score from most likely to least likely to exhaust benefits. On a weekly basis, the Department selects people from this queue for available appointments for reemployment evaluations. In July 2019, the Department implemented an online appointment scheduling system called the Reemployment Appointment Scheduler (RAS) to facilitate the appointment scheduling process for the Department’s WorkSource offices. In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores instead of using the risk profile model to profile all unemployment claimants. The objectives of the trial were to assess the impact of the RESEA program concerning the length of unemployment claims, earnings and employment probability of claimants following the provision of RESEA services, and to assess whether the program improved the identification of claimant eligibility issues and improper payment detection. Under the RCT, the WPRS score used to rank claimants was replaced with a randomly generated score, after excluding the top 5% of claimants with the highest WPRS scores. In 2024, the U.S. Department of Labor issued guidance to states administering RESEA grant programs to submit quarterly performance reports on RESEA participant activity that include the ETA 9128 RESEA Workload Report. The Department is required to have RESEA staff and state UI staff members review this report for accuracy before submitting it to the grantor. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the UI program to identify people likely to need reemployment services and ensure staff providing those services received required training. The prior finding numbers were 2023-010 and 2024-009. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the UI program to identify people likely to need reemployment services and ensure reports are reviewed before submission to the federal government. Identification for People Eligible for Reemployment Services The Department did not adequately monitor its UTAB scoring model to ensure applicant risk profile scores were accurate to identify those claimants most likely to exhaust their unemployment benefits. The Department is required to use a scoring model to profile all claimants to identify those likely to need reemployment services. During the audit period, the score calculated by the model was only applied for 5% of claimants with the highest score. A random score was assigned to the remaining 95% of claimants. The random score assignment did not provide adequate assurance that people most likely to exhaust benefits were prioritized to receive reemployment services. To determine a claimant’s profile score, the scoring model assigns 10 different coefficient rates associated with attributes that the Department determined to signify how likely a claimant will be to exhaust their unemployment benefits. The Department could not explain the methodology for determining an applicant’s profile score based on these 10 attributes, or how to independently recalculate the score. As of our audit, the Department had not tested the calculation of the profile score to ensure it is functioning as intended and producing accurate results. In addition, management could not provide historical records to demonstrate the calculation had been tested since its first implementation. Therefore, the Department has no assurance that the calculation provides an accurate measurement of the risk a claimant will exhaust their benefits. In addition, management did not monitor to determine whether the RAS system had received all eligible claimants. There is a daily process to send eligible claimants to the RAS selection queue, but there were no internal controls in place to ensure RAS received and processed all files it was sent. In addition, RAS does not have a working test environment to test whether the system effectively schedules claimants based on defined rules and requirements. RESEA ETA Reporting We reviewed all four quarterly ETA 9128 reports that were submitted during the audit period. The Department uses a tracking spreadsheet to ensure the reports are completed timely. However, the Department did not maintain supporting documentation to demonstrate the reports were reviewed by UI staff or reviewed and approved by management before they were submitted to the grantor. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Identification for People Eligible for Reemployment Services During the implementation of the RCT, the Department did not adequately monitor the profiling and prioritization of claimants for RESEA participation to determine whether claimants prioritized for receiving RESEA services were the most likely to exhaust their unemployment benefits. In the prior audit, our Office tested the Department’s UTAB risk scoring model and identified system weaknesses and recommended the Department review the design of its UTAB calculation to determine whether it was accurately identifying claimants most likely to exhaust regular UI benefits. However, during this audit period, the Department did not implement any system changes to the scoring model. RESEA ETA Reporting The Department stated that management reviewed the reports after they were submitted to the federal government. However, the Department did not provide us with any documentation to support the reviews occurred. Effect of Condition Identification for People Eligible for Reemployment Services Without monitoring its automated scoring model for effectiveness, the Department cannot ensure that its systems select RESEA participants based on a valid risk profile and priority of need for reemployment services. By disabling the automated scoring model, the Department is not in compliance with provisions in the RESEA State Plan, and it cannot ensure claimants selected for RESEA appointment services should have received consideration over higher-risk claimants who may be excluded in the RCT. RESEA ETA Reporting By not documenting the review and approval of the reports before submission, the Department cannot demonstrate that all reporting elements were verified to be accurate as required. Recommendation We recommend the Department: • Review the design of its UTAB calculation to determine an applicant’s risk profile score and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system. • Reconcile the interface between the UTAB system and the scheduling system to ensure the RAS scheduling system receives all RESEA eligible claimants and prioritizes claimants in accordance with federal requirements • Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements • Improve internal controls to ensure all quarterly ETA performance reports are reviewed by RESEA and UI staff before submitting them to the federal grantor, as required Department’s Response The Employment Security Department thanks the Office of the State Auditor for their work to ensure RESEA eligible claimants are prioritized in accordance with federal requirements. When this condition was identified in the prior year audit, the Department allocated resources to identify the cause and determine processes to properly determine coefficient values. This resulted in the Department identifying the issue and conducting additional internal verification of its accuracy. This initial work was completed in August 2025, which was outside of the audit period. The Department anticipates the coefficient to be accurate after final verification is completed. The Department partially concurs with the recommendation to reconcile the UTAB and Reemployment Appointment Scheduler (RAS) interface. There is currently a process in place to notify the RAS team if a record fails at the time of data transmission between UTAB and RAS. The Department will review its processes to verify the complete UTAB exit file was successfully received by RAS. The Department is reviewing its procedures and providing additional training on these ETA reports to ensure documentation that they have been submitted is retained. The Department will continue to work with our federal partners to ensure they provide training and guidance on new federal systems and reporting requirements. The Department notes there is no fiscal impact to this finding. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to establish, document, and maintain effective internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 42 United States Code, Chapter 7 – Social Security, Subchapter III – Grants to States for Unemployment Compensation Administration, § 503 – State laws, states in part: (j) Worker profiling (1) The State agency charged with the administration of the State law shall establish and utilize a system of profiling all new claimants for regular compensation that – (A) Identifies which claimants will be likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment; (B) Refers claimants identified pursuant to subparagraph (A) to reemployment services, such as job search assistance services; available under any State or Federal law; Revised Code of Washington (RCW), Title 50, Unemployment Compensation, Section 50.20.011, Profiling system to identify individuals likely to exhaust benefits – Confidentiality of information – Penalty, states in part: 1. The commissioner shall establish and use a profiling system for new claimants for regular compensation under this title that identifies permanently separated workers who are likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment. The profiling system shall use a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion. Individuals identified as likely to exhaust benefits shall be referred to reemployment services, such as job search assistance services, to the extent such services are available at public expense. 2. The profiling system shall include collection and review of follow-up information relating to the services received by individuals under this section and the employment outcomes for the individuals following receipt of the services. The information shall be used in making profiling identifications. Washington State Employment Security Department, Wagner-Peyser Employment Service Policy 4050, Reemployment Services and Eligibility Assessments (RESEA) program, states in part: 3. Policy: B. Claimant selection for RESEA services RCW 50.20.11 states, in part, that a profiling system must be established to identify new permanently separated claimants most likely to exhaust regular UI benefits and that are in need of job search assistance services to make successful transitions to new employment. This system uses a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion known as the profile score. Claimants with a work search requirement will be given a profile score. Those still attached to an employer will not receive a profile score. Employment and Training Administration Advisory System – Unemployment Insurance Program Letter No. 08-24 – Guidelines for the FY 2024 UI RESEA grants to invite State Workforce Agencies to submit a RESEA State Plan. Section 4 – Guidance part ii – Subsequent RESEA, states in part: C. Reporting instructions for ETA 9128. The ETA 9128 has been revised to capture data on subsequent (in addition to initial) RESEA activities and account for individuals selected for RESEA that are later determined to be incorrectly selected or ineligible for RESEA participation. The UIPL discussing the additional items will be published in March 2024. The ETA 9128 report must be completed by states quarterly and submitted no later than the 20th day of the second month following the quarter of reference, i.e., February 20, May 20, August 20, and November 20. Before its quarterly submission, states must review the ETA 9128 Workload report for accuracy. In addition to appropriate RESEA staff members, this review must include state UI staff members.
2025-014 The Department of Transportation did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program. Assistance Listing Number and Title: 20.205 Highway Planning and Construction Federal Grantor Name: U.S. Department of Transportation Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement. Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-012 Background The Washington State Department of Transportation’s Local Programs Office administers Highway Planning and Construction Program funding to local agencies throughout the state for highway construction projects. The Department spent about $1.1 billion on highway projects during fiscal year 2025 and awarded more than $990 million to local agencies through subawards for 294 new and existing projects across the state. Pass-through entities are required to monitor the activities of their subrecipients to ensure they are properly using federal funds. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. For the subawards made during fiscal year 2025, Department management delegated the responsibility to complete risk assessments for individual projects to the Local Programs Engineers who were assigned to the regional office that oversees the project. When the Department prepares to monitor or review a subrecipient, it selects an open and active project and evaluates the subrecipient based on its performance under that project. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program. The prior finding numbers were 2024-012 and 2023-012. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program. We used a nonstatistical sampling method to randomly select and examine 26 out of a total population of 294 projects awarded funding during the audit period to determine if the Department performed a risk assessment of each project to determine the appropriate level of monitoring required for the subrecipient. We found the Department did not complete risk assessments for seven of the 26 projects (27%). We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Management did not ensure the Local Programs Engineers performed risk assessments for each subrecipient project awarded program funds. While the Department has made some changes to its internal controls in response to the two previous findings, they have been insufficient to ensure compliance with federal requirements. Effect of Condition Not performing risk assessments makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the grant’s terms and conditions. Without verifying the Local Programs Engineers completed risk assessments for each awarded project, the Department cannot ensure it is performing risk assessments consistently and using the proper criteria to determine the appropriate amount of monitoring required for each subrecipient project. Recommendation We recommend the Department: Ensure it properly performs and documents the required risk assessments, which would allow management to evaluate the results and demonstrate compliance with federal requirements Improve its monitoring of regional Local Programs Engineers to ensure they complete risk assessments for each program-funded project Department’s Response The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Highway Planning and Construction program. WSDOT is committed to ensuring our programs comply with federal regulations. Risks assessments for subrecipients in this FHWA grant program are the responsibility of WSDOT’s Regional Local Programs Engineers, located in the six WSDOT Regions. While every attempt is made to complete a risk assessment at each phase of a project, staff turnover contributed to the lack of consistency and timeliness in completing these assessments. As part of ongoing efforts and to help ensure consistency, the Department will send a reminder to the Regional Local Program Engineers of the procedures revised March 2022 for the Risk Assessment process. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to establish, document, and maintain effective internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, section 332, Requirements for pass-through entities, establishes requirements for pass-through entities to evaluate each subrecipients’ risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate level of subrecipient monitoring. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-015 The Housing Finance Commission did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program Assistance Listing Number and Title: 21.026 COVID-19 Homeowners Assistance Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: None Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-017 Background The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact. The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2025, the Commission spent about $58 million in HAF funds. The Commission implemented a pilot program before launching the main HAF program. The Commission contracted with an entity to help implement the main HAF program and maintain participant data. The Commission is required to submit an annual performance report that provides an overview of its intended and actual uses of funding to-date for the pilot and main HAF programs. The federal grantor identified two key lines items on the report that contained critical information: Key line item 1: Socially Disadvantaged Individuals (SDIs) – Quantifiable Objective Criteria: Participants are providing not less than 60% of funds to homeowners with income less than 100% area median income (AMI) or 100% of U.S. median income. Key line item 2: Area Median Income – Quantifiable Objective Criteria: Participants target homeowners that are classified as SDI and 100% AMI or less. The HAF Plan, approved by the federal grantor, outlines the budget allocations, goals and types of assistance for the Washington HAF program. The HAF reporting portal automatically populates each section of the annual report template with information from this plan. The Commission is required to submit a narrative on the status of each section. Commission staff use participant data provided by the contractor to complete the report template. Once completed, management conducts a review to ensure it is complete and accurate before submitting the report to the Treasury reporting portal. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits we reported the Commission did not have adequate internal controls over reporting requirements for the HAF program. The prior finding numbers were 2024-017 and 2023-025. Description of Condition The Commission did not have adequate internal controls over and did not comply with reporting requirements for the HAF program. We reviewed the report submitted during the audit period that covered federal fiscal year 2024, and identified the following: The Commission underreported the number of homeowners assisted for key line item #1 by 124 or 5.52%. The Commission overreported the number of homeowners assisted for key line item #2 by 112 or 10.47%. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition The Commission stated staff responsible for preparing the report did not include all relevant data needed to complete the report. The review management conducted was insufficient in detecting this issue. Effect of Condition Without establishing adequate internal controls, which should include a thorough review of the reports and the detailed supporting documentation to ensure the correct data is reported, management cannot ensure that the reports are complete and accurate. Recommendation We recommend the Commission: Establish effective internal controls to ensure the reports are accurate and complete Ensure management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported Commission’s Response The Commission concurs with this finding. The Commission has refined their system of controls and management review to ensure that data reported to the federal grantor is complete and accurate. The auditor’s recommendations came before the FY 25 Annual Report was filed and was reflected in the FY 25 Annual Report numbers. Auditor’s Remarks We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to establish, document, and maintain effective internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part: HAF participants are required to submit an Annual Performance Report on an annual basis and demonstrate the impact of the HAF-financed programs. Reports should include data related to program outputs and outcomes against the stated objectives of the HAF participant’s HAF Grant Plan. Performance Goals HAF participants initially submitted performance goals on the use of HAF award funds in their approved HAF Plan. Each one of the performance goals should have identified how the HAF participant will address homeowner needs and should have been disaggregated by key characteristics such as mortgage type, racial and ethnic demographics, and/or geographic areas, as appropriate. HAF participants will be required to provide a status update and quantitative measures, if applicable, on each of their initial performance goals set forth in their HAF Plan. Please note, HAF participants will not have the ability to alter their original performance goals noted in their HAF Plan nor add additional performance goals in the Annual Report. Methods for Targeting and HAF Funding HAF participants were asked in their original HAF Plan to describe how the HAF participant will effectively target HAF award funds to (1) homeowners with incomes equal to or less than 100% of the area median income or equal to or less than 100% of the median income for the United States, whichever is greater; and (2) socially disadvantaged individuals. The description included the HAF participant’s targeting strategies. HAF participants will be required to provide an update on their targeting methods and if they have appropriately executed targeting methods according to their original HAF Plan.
2025-016 The Department of Corrections improperly charged $222 to the Coronavirus State and Local Fiscal Recovery Funds program. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $222 Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2025, state agencies spent about $606 million in SLFRF funds, more than $333 million of which was spent by the Department of Corrections. The Department received authority to spend SLFRF funds on salaries and benefits for corrections officers and other support staff serving state correctional institutions. Federal requirements stipulate that states may use SLFRF funds to support public health expenditures, including COVID-19 prevention and mitigation efforts, medical and behavioral healthcare expenses, public health and safety, and premium pay for essential workers. States may only use funds to cover costs incurred during the period of performance, which began on March 3, 2021, and ended December 31, 2024. Federal regulations require recipients to establish, document and maintain effective internal controls to ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The Department improperly charged $222 to the SLFRF program. We found the Department had adequate internal controls to ensure it materially complied with requirements to use SLFRF funds only for allowable activities. We used a statistical sampling method to randomly select and examine 59 out of 32,650 monthly payroll expenses incurred by the Department to ensure they were allowable and supported by adequate documentation. During our testing, we found one overpayment totaling $222 for employee wages that should have been recorded as leave without pay but was paid as vacation time, as well as shift differential pay that the Department improperly paid. Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold. This issue was not reported as a finding in the prior audit. Cause of Condition During regular payroll processing, an employee’s leave without pay hours were incorrectly processed as paid time off. In addition, the employee received shift differential pay that they were not eligible for based on their work hours. These errors led to an overpayment charged to the program. Department management did not verify the allowability of payroll expenses before charging the expenses to the federal award, including verifying the employee’s work hours qualified them to receive shift differential pay. Effect of Condition and Questioned Costs The Department improperly charged the SLFRF program for costs, as outlined in the table below: Projection to Population Known Questioned Costs Likely Questioned Costs Federal expenditures $222 $123,019 Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely questioned cost projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 2 CFR 200.516(a)(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department’s Response The Department of Corrections (DOC) would like to thank the State Auditor’s Office (SAO) for the audit of the Coronavirus State and Local Fiscal Recovery Funds (SLFRF) grant. The Department agrees that questioned costs were charged to the grant due to an employee’s overpayment. While the SAO has complimented our internal controls and processes for being able to track each line item in the SLFRF, we also know that internal controls can always be improved. The Department will work with the Office of Financial Management (OFM) to discuss questionable costs with the grantor. The Department appreciated the patience of the SAO in obtaining supporting documentation and having clarifying conversations during the audit. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
2025-017 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-023 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2025, state agencies spent about $605 million in SLFRF funds, more than $117 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects, including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2025, the Department expended about $116 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under projects with the Department. Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse (FAC) within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes to subrecipients, the Department must follow up with subrecipients to ensure they take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the FAC. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. To monitor its compliance with these requirements, the Department’s Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. In some cases, the subrecipients included on this list are provided to the Internal Control Office by program staff. The ICO also runs financial reports in an effort to identify subrecipients that should be monitored. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2024-023. Description of Condition The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2025, state agencies spent about $605 million in SLFRF funds, more than $117 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects, including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2025, the Department expended about $116 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under projects with the Department. Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse (FAC) within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes to subrecipients, the Department must follow up with subrecipients to ensure they take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the FAC. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. To monitor its compliance with these requirements, the Department’s Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. In some cases, the subrecipients included on this list are provided to the Internal Control Office by program staff. The ICO also runs financial reports in an effort to identify subrecipients that should be monitored. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2024-023. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions. We examined the Excel workbook the Department used during the audit period to monitor compliance with these requirements and determined the Department did not sufficiently design it to ensure the Department was compliant with subrecipient single audit requirements for the following reasons. The workbook: •Lacks a field to calculate or track when the subrecipient single audit is due to allow the Department to determine if the subrecipient submitted its report on time •Contains a field that documents the date when the Department reviews the subrecipient’s single audit status in the FAC. The workbook shows the Department reviewed this once (over approximately a five-week period) during the audit period. Since subrecipients have different fiscal year end dates, this single review per year is not sufficient to ensure compliance with the nine-month single audit submission and six-month management decision letter issuance, if applicable. During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients. We compared the subrecipients on the spreadsheet to the FAC to determine which received single audits. We found 58 SLFRF subrecipients received a single audit during the audit period. We randomly sampled twelve subrecipients that were required to receive a single audit. The Department did not properly track four (33%) of the 12 subrecipients to ensure they had submitted single audit reports and reviewed their audits for program-funded findings. In these four instances, the Department’s records indicated it did not review for these audit reports until after the audits were past due, and the reports had already been filed in the FAC. Furthermore, in this workbook: •Three (5%) of the 58 subrecipients were not listed on the Department’s single audit tracker. •For one (2%) of the 58 subrecipients, we could not verify on the Department’s tracker the subrecipient’s fiscal year-end date nor verify if they had reported a single audit in the FAC. Additionally, we found 22 subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. We requested documentation to verify this occurred. The Department issued six management letters (27%) past the due date, with one being issued five months late. Additionally, the Department did not provide management decisions letters for seven (32%) other subrecipients. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department did not implement adequate internal controls to ensure proper monitoring and review of subrecipient single audit submissions and issuance of management decision letters, if applicable. ICO staff said it is complicated to identify all the subrecipients that need to be monitored. The Office relies heavily on information from program staff and does its best to verify the information is accurate by running its own reports. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure all subrecipients received single audits when they were required. Additionally, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. When it fails to ensure subrecipients establish corrective actions and management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Department: •Monitor all subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations •Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions for all findings, as required •Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations •Issue a written management decision for all applicable audit findings, if necessary Department’s Response The Department acknowledges the Washington State Auditor’s Office’s (SAO) finding, and notes we have strong and comprehensive internal controls over subrecipient monitoring for audit requirements. The Internal Controls Office (ICO) completes the monitoring as required by 2 CFR 200.521 and Title 45 CFR Part 75 section 352 d 3 and f. Several exceptions reported included language regarding processes referencing a non-SLFRF population and does not accurately reflect the comprehensive monitoring performed. The following are the Department’s responses to deficiencies listed in order of reporting: •No criteria, including all CFR’s referenced in this finding, require the Department ensure a subrecipient receives or submits a single audit. The CFR’s require the Department to •monitor and document the results of that reporting and monitoring. The ICO does follow-up with program management when subrecipients are identified as non-reporters. •The ICO tracking process includes a field to track dates audits are submitted. The Department’s monitoring is documented based on the reporting year and the subrecipient’s submission. Each subrecipient determines their own submission date. The criteria cited in this finding nor other applicable CFR’s require specific fields be documented, they require submission monitoring, tracking and the issuance of management decision letters. •Four subrecipients reported as “not monitored” were monitored and tracked on the tracking spreadsheet provided to SAO during the audit. Three of the four did not submit their reports within the deadline. Commerce has no oversight over subrecipient submission, and no criteria exists for that process. Commerce is required to monitor. The Department requested this exception be removed through the technical change process. •The exception reported for dates tracked was copied from a non-SLFRF program finding and does not accurately report dates tracked which was provided to SAO during the audit. The Department tracked, monitored subrecipients and documented the action completed starting on 1/28/25 and ending on 3/6/25 with a total of 14 different dates submissions were monitored. The Department requested this exception be removed through the technical change request process. •The Department confirms four management decision letters were not issued within the six month timeframe. Two were issued prior to the draft finding being issued and two have been completed and are awaiting approval. •The Department did monitor the subrecipient who did not report and provided that support to the SAO during the audit. The subrecipient’s submission was reviewed first on 2/6/25 and no submission has been completed. The Department requested this exception be removed through the technical change process. •The Department confirms six management decision letters were issued past the six month deadline, most within a few days of the deadline. One decision issued required special handling and additional care for its issuance. •Of the seven deficiencies the SAO reported as exceptions, the Department issued two management letters prior to the issuance of the draft finding and two are completed and awaiting issuance. For the remaining three, the SAO did not verify the exceptions identified were within the Department’s oversight. The errors include the following: oOne subrecipient did not receive funding from the Department for any of the findings issued oOne subrecipient received their SLFRF funding directly from the Department of Treasury oOne subrecipient received a financial statement finding which are not included in the single audit requirements •The Department asserts it does have adequate internal controls in place that are working effectively as required by the CFR. The ICO runs a state financial system report of expenditures for subrecipients who receive federal funding. The ICO does not rely on lists provided by programs to confirm the subrecipients. That language was copied from a non-SLFRF finding issued which includes a different confirmation process for subrecipients It is important to note the Department was not provided with an opportunity to respond to the deficiencies before the draft finding was issued. This was confirmed via email from the Assistant Director of State Audit and Special Investigations on February 5, 2026. Had the Department been provided time to respond, we assert several of the exceptions reported should have been removed. The Department has requested the errors reported in the finding be removed through the technical change request process but no revisions have been completed as of the date of this response. Auditor’s Remarks The requirements for pass-through entities in the Uniform Guidance (2 CFR 200.332(g)) stipulate that pass-through entities must verify each subrecipient is audited as required under Subpart F (2 CFR 200.501). We maintain that the Department did not have adequate internal controls to monitor its SLFRF subrecipients to ensure each subrecipient was audited as required under Subpart F, and that it did not issue management decisions for all related findings to its subrecipients. The Department did not provide our Office with any documentation during this audit to demonstrate that it communicated with its subrecipients that had overdue single audits. Additionally, without tracking when single audits are due for each of its subrecipients, and without continuously monitoring its subrecipients for audit submissions throughout the fiscal year, the Department cannot ensure it is detecting when subrecipients do not comply with federal regulations to submit their single audit reports in the FAC. As stated above, the Department only monitored its subrecipients to determine if single audits were performed over a five-week period during the fiscal year. We also wish to point out that during this audit we requested and reviewed all management decisions provided by the Department to its subrecipients. We noted seven instances where no management decisions had been issued. We appreciate the Department following up on these instances immediately after they were detected, but we did not consider management decisions issued after the audit period had ended when determining our opinion on compliance. We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-018 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-022 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury (Treasury), which the state’s Office of Financial Management (OFM) allocated to state agencies for various programs. In fiscal year 2025, state agencies spent about $605 million in SLFRF funds, more than $117 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support infrastructure projects and affordable housing construction through its affordable housing, broadband infrastructure, and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2025, the Department expended over $116 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of their subrecipients to ensure they are properly using federal funds. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF. The prior finding numbers were 2024-022, 2023-031 and 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF. During state fiscal year 2025, the Department awarded more than $19 million in SLFRF funds for infrastructure projects to four subrecipients. We examined all four subrecipients, including one individually significant subrecipient, and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of the subrecipients (50%). We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Program management stated it was not aware of the requirement to perform and document risk assessments of its subrecipients during the audit period as it executed subawards prior to the obligation cutoff date of December 31, 2024, established by the Department of Treasury and OFM. In prior years, the Department completed risk assessments during the initial phase of awarding new SLFRF projects, prior to obligating federal funding, and during the audit period, management inadvertently removed this step from its subaward execution processes. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity. Without performing risk assessments of subrecipients that received SLFRF funding, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: Improve internal controls to ensure all subrecipients undergo a risk assessment at the time of receiving a subaward, to determine the appropriate level of monitoring for the subrecipient Ensure it performs and documents the required risk assessments for management to evaluate the results, determine the appropriate level of monitoring for the subrecipient, and demonstrate compliance with federal requirements Department’s Response The Department acknowledges the results of the Washington State Auditor’s Office’s audit of the fiscal year 2025 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) audit of risk assessments for subrecipients. Out of the SLFRF funding the Department expended for fiscal year 2025, the audit included the following SLFRF programs: Local Government Division - Infrastructure Programs Local Government Division Washington State Broadband Office – Broadband Infrastructure Grants Housing Division – Affordable Housing Transitional Housing Division – Affordable Housing Connections The SLFRF program monitoring finding reported deficiencies in one of the Department’s programs included as part of the audit: Infrastructure Programs The Department confirms risk assessments were not conducted for two subrecipients. The Infrastructure Projects program will not be granting any additional SLFRF awards and will not need to conduct any additional risk assessments since the obligation cutoff date of December 31, 2024 has passed. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-019 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform program monitoring for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2025, state agencies spent about $605 million in SLFRF funds, more than $117 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support infrastructure projects and affordable housing construction through its affordable housing, broadband infrastructure, and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2025, the Department expended more than $116 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Under the Uniform Guidance, pass-through entities are required to monitor the activities of their subrecipients to ensure the subrecipients comply with federal statutes, regulations, and the terms of conditions of subawards. These requirements also include reviewing financial and performance reports required of the subrecipient. The Department’s Special Terms and Conditions included in subawards for capital projects include the requirement for each subrecipient to submit a Project Status Report with every payment request. This report must describe in narrative form the progress made on the SLFRF project since the last invoice was submitted for payment, and provide a detailed description of the project’s status to-date. The Department’s program managers are instructed to review these reports and withhold payment to subrecipients that do not submit a project status report with their invoices. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform program monitoring for subrecipients of the SLFRF. We used a non-statistical sampling method to randomly select and examine 12 out of 26 subrecipients to determine whether the Department reviewed and approved Project Status Reports submitted by the subrecipients as required by the terms and conditions of the subaward. We also examined three individually significant subrecipients. We found six subrecipients (40%), five of the sampled subrecipients as well as one individually significant one, did not submit Project Status Reports with their invoices for payment, as required by the Department. In total, these subrecipients failed to submit 13 out of 117 (11%) reports that were due. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department did not follow up with subrecipients to request missing Project Status Reports when reviewing invoices for payment because it believed that the subrecipients could still be appropriately monitored without receiving the reports. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it is appropriately monitoring subrecipients for all requirements imposed in the terms and conditions of the subaward, as required by the Uniform Guidance. Without receiving project status reports of subrecipients that received SLFRF funding, the Department is less likely to be able to determine if the goal and objectives of the capital projects furnished by the subawards are being achieved. Not receiving and reviewing project status reports also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: · Improve its monitoring of Project Status Reports to ensure subrecipients submit the reports with each request for payment, as required by the terms and conditions of the subaward · Ensure it reviews Project Status Reports for each subrecipient to ensure the goals and objectives of the project are being met and that the subrecipient has complied with all program requirements Department’s Response The Department acknowledges the results of the Washington State Auditor’s Office’s audit of the fiscal year 2025 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) audit of program monitoring. Out of the SLFRF funding the Department expended for fiscal year 2025, the audit included the following SLFRF programs: · Local Government Division - Infrastructure Programs · Local Government Division Washington State Broadband Office – Broadband Infrastructure Grants · Housing Division – Affordable Housing Transitional · Housing Division – Affordable Housing Connections The SLFRF program monitoring finding reported deficiencies for two of the Department’s programs which were included as part of the audit: Infrastructure Programs and the Broadband Infrastructure Grants. Each program provided responses for the deficiencies reported as follows: · The Infrastructure Grants program agrees with the identified exceptions. To ensure compliance with the SLFRF subrecipient contract Special Terms and Conditions, all active subrecipients will be required to submit a project status report with each reimbursement request before the program manager will review and approve each payment. · The WSBO acknowledges the exceptions included missing project status reports for two projects A-19 submissions and recognize this as an opportunity for improvement. The standard process requires project managers collect all documentation submitted with A-19s, verify that costs are allowable, and confirm receipt of all required materials. While this internal control is in place, it has not been consistently applied. To strengthen compliance, the office will implement an additional layer of review including that leadership will conduct checks on project managers A-19 acceptances on a quarterly basis. As a result of the identified deficiencies reported, the office has provided refresher training to project managers to reinforce documentation requirements and ensure that missing information is requested prior to invoice approval. Additionally, the office has contacted subgrantees to obtain copies of available missing reports. Moving forward, we have communicated to subgrantees that A-19s will not be processed until all required documentation has been received and reviewed by our office. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, describes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The Washington State Department of Commerce American Rescue Plan Act, State and Local Fiscal Recovery Funds Capital Agreement (July 2021), Special Terms and Conditions, states in part: 1. Billing Procedures and Payment COMMERCE shall reimburse the GRANTEE for eligible Project expenditures, up to the maximum payable under this Grant Agreement. When requesting reimbursement for expenditures made, the GRANTEE shall submit to COMMERCE a signed and completed Invoice Voucher (Form A-19), that documents capitalized Project activity performed for the billing period. The GRANTEE can submit all Invoice Vouchers and any required documentation electronically through COMMERCE’s Grants Management System (CMS), which is available through the Secure Access Washington (SAW) portal. The invoices shall describe and document, to COMMERCE's satisfaction, a description of the work performed, the progress of the project, and fees. The invoice shall include the Grant Number listed on the contract Face Sheet. If expenses are invoiced, provide a detailed breakdown of each type. A receipt must accompany any single expenses in the amount of $50.00 or more in order to receive reimbursement. The voucher must be certified (signed) by an official of the GRANTEE with authority to bind the GRANTEE. The final voucher shall be submitted to COMMERCE within sixty (60) days following the completion of work or other termination of this Grant Agreement, or if work is not completed or Grant terminated, within fifteen (15) days following the end of the state biennium unless Grant Agreement funds are reappropriated by the Legislature in accordance with Additional Special Terms and Conditions set forth in the Declarations page above. Each request for payment must be accompanied by a Project Status Report, which describes, in narrative form, the progress made on the Project since the last invoice was submitted, as well as a report of Project status to date. COMMERCE will not release payment for any reimbursement request received unless and until the Project Status Report is received. After approving the Invoice Voucher and Project Status Report, COMMERCE shall promptly remit a warrant to the GRANTEE.
2025-006 The Department of Health did not have adequate internal controls over cash management for the Epidemiology and Laboratory Capacity for Infectious Diseases, the Immunization Cooperative Agreements and the WIC Special Supplemental Nutrition Program for Women, Infants, and Children programs. Assistance Listing Number and Title: 10.557 WIC Special Supplemental Nutrition Program for Women, Infants, and Children 93.268 Immunization Cooperative Agreements 93.268 COVID-19 Immunization Cooperative Agreements 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases 93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases Federal Grantor Name: U.S. Department of Agriculture U.S. Department of Health and Human Services Federal Award/Contract Number: Too numerous to list Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Cash Management Known Questioned Cost Amount: $160,206 Prior Year Audit Finding: Yes, Finding 2024-033 & 2024-036 Background The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects and provides special appropriations in response to infectious disease emergencies. For the ELC program, the Department spent more than $99 million in federal grant funds during fiscal year 2025. The Department of Health also administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2025, the Department spent more than $40 million in federal program funds for the Immunization program and received more than $114 million in noncash assistance from the federal grantor in the form of vaccines. The Department of Health also administers the WIC Special Supplemental Nutrition Program for Women, Infants, and Children (WIC) program. The program provides supplemental nutritious foods, nutrition education (including breastfeeding promotion and support), and referrals to health care for low-income persons during critical periods of growth and development. Such persons include pregnant women, breastfeeding women up to one year postpartum, non-breastfeeding women up to 6 months postpartum, infants (children under one year of age), and children under age 5 determined to be at nutritional risk. In fiscal year 2025, the Department spent more than $162 million in federal program funds for the WIC program and received almost $25 million in infant formula rebates from private companies. The ELC and WIC programs are subject to the Cash Management Improvement Act (CMIA) and are included in the Treasury-State Agreement for Washington. The Immunization program is not subject to the CMIA. The primary purpose of the CMIA agreement is to ensure states request federal funds when they are needed so that no interest is gained or lost by either the federal or state governments. The agreement specifies the funding technique the Department should use when requesting federal funds. The Department shall draw funds semi-monthly, according to the state payroll schedule. The Department maintains the Grant Management System (GMS) that is used to calculate cash draw amounts. The Department also utilizes the Cost Allocation System (CAS) to calculate indirect costs associated with expenditures. The Department uses these systems as agency-wide tools to manage all its federal grants. Daily, federal grant revenue and expenditures are automatically uploaded from the Department’s accounting system into its AFRS Data Distribution Services (ADDS) database. Department staff can pull data from ADDS by running queries in GMS and CAS. To ensure that the data is properly uploaded, Department staff perform a manual reconciliation between ADDS and the accounting system every workday. The Department also maintains a chart of accounts (COA) system that feeds coding information into GMS and CAS to instruct these systems how to allocate grant expenditures. Department staff generate a Grant Draw Report from GMS that provides the necessary information to complete a cash draw. This report includes calculations for the cash draw amount performed by GMS, as well as indirect costs calculated by CAS, using expenditure and revenue data received from the ADDS system. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over cash management for the ELC and Immunization programs. The prior finding numbers were 2024-036 and 2024-033. Description of Condition The Department did not have adequate internal controls over cash management for the ELC, Immunization, and WIC programs. Since the Department’s internal controls reviewed are a centralized process, our testing included all its federal programs we reviewed for this audit. We judgmentally selected three cash draws and found two instances where indirect expenditures reported on the Grant Draw Report exceeded the amounts reflected on the Cost Allocation System Reports. The Department was unable to provide an explanation for the discrepancies by the completion of testing. These discrepancies resulted in an overdraw of $160,206. We also examined the Department’s internal controls over updating the COA to determine if the coding associated with each award entered in GMS and CAS was accurate. We found: The Department did not have documented change management procedures for changes to the GMS stored procedures. Certain individuals could update account coding information in the COA without review or approval. Automated notifications were not sent out to alert staff when changes were made to COA data, increasing the risk that unauthorized changes could be made and not detected in a timely manner. The Department did not have adequate controls in place to prevent or identify when an Organization Index is assigned to more than one revenue source in the COA. Having more than one revenue source code assigned to the same index code can result in inaccurate amounts recorded for federal grants. We consider these internal control weaknesses to be a significant deficiency. These issues are also noted in finding 2025-022. Cause of Condition The Department did not have adequate internal controls to ensure the data used to complete cash draws was accurate and complete. The Department also does not have adequate controls in place to detect coding errors that would result in incorrect data being used to calculate the federal draw. Coding errors in the chart of accounts resulted in indirect expenditures being overcharged to the grant. Effect of Condition and Questioned Costs Not implementing adequate internal controls can result in inaccurate amounts recorded and drawn for federal grants. The Department overdrew indirect expenditures by $160,206, which we are reporting as questioned costs. Overdraws can result in the Department having to repay the grantor. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department ensure it: Has adequate internal controls in place over the updating and accuracy of the chart of accounts and GMS stored procedures Has adequate controls in place to properly calculate cash draw amounts in GMS Department’s Response The Department acknowledges the importance of maintaining strong internal controls over cash management to ensure federal funds are drawn accurately, timely, and in compliance with applicable federal requirements. During the audit period, the Department identified issues within the Grants Management System and made every effort to fix the issue although we were unable to implement system enhancements prior to the end of the audit period. The Department continues to evaluate these issues and is actively working to update the system to ensure accurate and compliant drawdowns. In the interim, the Department has implemented compensating controls to mitigate the risk associated with this finding. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 31 U.S. Code of Federal Regulations (CFR) Part 205, Rules and Procedures for Efficient Federal-State Funds Transfers, section 11, What requirements apply to funding techniques?, states in part: (b) A State and a Federal Program Agency must limit the amount of funds transferred to the minimum required to meet a State's actual and immediate cash needs. Title 31 CFR Part 205.29, What are the State oversight and compliance responsibilities? states in part: (d) If a State repeatedly or deliberately fails to request funds in accordance with the procedures established for its funding techniques, as set forth in § 205.11, § 205.12, or a Treasury-State agreement, we may deny the State payment or credit for the resulting Federal interest liability, notwithstanding any other provision of this part. (e) If a State materially fails to comply with this subpart A, we may, in addition to the action described in paragraph (d) of this section, take one or more of the following actions, as appropriate under the circumstances: (1) Deny the reimbursement of all or a part of the State's interest calculation cost claim; (2) Send notification of the non-compliance to the affected Federal Program Agency for appropriate action, including, where appropriate, a determination regarding the impact of non-compliance on program funding; (3) Request a Federal Program Agency or the General Accounting Office to conduct an audit of the State to determine interest owed to the Federal government, and to implement procedures to recover such interest; (4) Initiate a debt collection process to recover claims owed to the United States; or (5) Take other remedies legally available. Title 31 CFR Subpart B—Rules Applicable to Federal Assistance Programs Not Included in a Treasury-State Agreement part 205.33 How are funds transfers processed? states in part: (a) A State must minimize the time between the drawdown of Federal funds from the Federal government and their disbursement for Federal program purposes. A Federal Program Agency must limit a funds transfer to a State to the minimum amounts needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a Federal assistance program or project. The timing and amount of funds transfers must be as close as is administratively feasible to a State's actual cash outlay for direct program costs and the proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A-102. Title 45 U.S. Code of Federal Regulations (CFR) Part 75 Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards section 2 establishes definitions for questioned costs. Title 45 Part 75 section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 Part 75 section 403 establishes the factors affecting the allowability of costs. Title 45 Part 75 section 410 establishes requirements for the collection of unallowable costs. Title 45 Part 75 section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The Cash Management Improvement Act (CMIA) Agreement of 2025, states in part: 6.2.4 The following are terms under which State unique funding techniques shall be implemented for all transfers of funds to which the funding technique is applied in section 6.3.2 of this Agreement. Modified Direct Program Costs - Admin, Payroll, Payments to Providers: The State shall request funds for all direct administrative costs and/or payroll costs, and/or payments made to providers and to support providers. The request shall be made in accordance with the appropriate Federal agency cut-off time specified in Exhibit I. The amount of the funds requested shall be based on the amount of expenditures recorded for direct administrative costs and/or payroll costs and/or payments made to providers or to support providers since the last request for funds. The State payroll cycle is payday twice a month. Draws made the day before payday are for deposit on payday. The draw request will be made in accordance with the cutoff time in Exhibit 1. The amount of the funds requested shall be based on the amount of expenditures recorded for direct administrative costs and/or payroll costs and/or payments made to providers or to support providers since the last request for funds. This funding technique is interest neutral. Modified Direct Program Costs: Except for managed care payments, the State shall request funds for direct program costs to providers and clients. The draw will occur on fixed intervals. Managed care payments will have a separate draw. The request shall be made in accordance with the appropriate Federal agency cut-off time specified in Exhibit I. Managed care payments will be drawn the day before the payment to providers, so funds are received on date of managed care payments. The amount of the draw will be an accumulation of program costs since the last draw. This funding technique is interest neutral. 6.3.2 Programs 10.557 Special Supplemental Nutrition Program for Women, Infants, and Children Recipient: Department of Health % of Funds Agency Receives: 66 Component: Direct program/benefit payments for food voucher redemption. Rebates offset the direct program/benefit payments. This is a zero balance account. Technique: Modified Direct Program Costs Average Day of Clearance: 0 Days 10.557 Special Supplemental Nutrition Program for Women, Infants, and Children Recipient: Department of Health % of Funds Agency Receives: 34 Component: Administrative costs including payroll - salary, benefits, contractual and related expenditures Technique: Modified Direct Program Costs - Admin, Payroll, Payments to Providers Average Day of Clearance: 0 Days 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) Recipient: Department of Health % of Funds Agency Receives: 100 Component: Admin, payroll, payments to providers Technique: Modified Direct Program Costs - Admin, Payroll, Payments to Providers Average Day of Clearance: 0 Days
2025-021 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable and met cost principles for the Epidemiology and Laboratory Capacity for Infectious Diseases and the Immunization Cooperative Agreements programs. Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements 93.268 COVID-19 Immunization Cooperative Agreements 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases 93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: Too numerous to list Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs / Cost Principles Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Findings 2024-037 and 2024-032 Background The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects and provides special appropriations in response to infectious disease emergencies. For the ELC program, the Department spent more than $99 million in federal grant funds during fiscal year 2025, more than $20 million of which it disbursed to subrecipients. The Department of Health also administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2025, the Department spent more than $40 million in federal program funds for the Immunization program, about $7.3 million of which it disbursed to subrecipients. The Department also received more than $114 million in noncash assistance from the federal grantor in the form of vaccines. To help carry out the programs’ objectives, the Department issues consolidated contracts to Local Health Jurisdictions (LHJs) that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs. The Department awards federal funds to subrecipients on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low-, moderate- and high-risk subrecipients for each of the following expense categories: Salaries and benefits Equipment ($5,000 or more) Materials and supplies Meals Outreach materials Travel Training Contracts and sub-sub-subrecipients Administrative/indirect costs During the audit period, LHJs submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved. Program staff documented their review and approval of the reimbursement request in a tracking workbook. The workbook was only used at the program level, so it was not shared with the fiscal staff to communicate approval before issuing payment. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls to ensure payments to subrecipients of the ELC and Immunization programs were allowable and met cost principles. The prior finding numbers were 2024-037, 2024-032, 2023-046, 2023-044, 2022-033, and 2022-031. Description of Condition The Department did not have adequate internal controls to ensure payments to subrecipients were allowable and met cost principles for the ELC and Immunization programs. Department program staff are required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payments. As a result, the Department paid the LHJs without knowing whether program staff reviewed and approved these expenditures. We consider this internal control deficiency to be a material weakness. Cause of Condition The Department’s established procedures allowed for paying LHJs without ensuring program staff reviewed and determined the payment was allowable and adequately supported. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes. Recommendation We recommend the Department improve internal controls to ensure program staff review, approve and communicate approval of expenditures to those issuing payment to verify they are for allowable activities and costs before payment. Department’s Response The Department concurs that enhancements to documentation and communication between program and fiscal staff will further strengthen the clarity and consistency of the subrecipient reimbursement review and approval process for the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) and Immunization programs. The Department is implementing procedural refinements to better evidence programmatic approval prior to payment. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 2, Definitions, includes the definition of improper payment. 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. 45 CFR Part 75, section 403, Factors Affecting Allowability of Costs. 45 CFR Part 75, section 410, Collection of Unallowable Costs. 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Washington State Department of Health A-19 Documentation Matrix Approved by FMU 7/1/2022 This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category. Expenditure Category Salaries and Benefits Low-Risk A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ·Employee name ·Salaries & Wages Example: Salary Bob Smith $5,324.75 Ann Brown $1,245.52 Benefits $1,750.35 Note: Salaries and benefits must be broken out as separate line items. Moderate-Risk A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ·Employee name ·Salaries & Wages Example: Salary Bob Smith $5,324.75 Ann Brown $1,245.52 Benefits $1,750.35 Note: Salaries and benefits must be broken out as separate line items. High-Risk A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ·Employee name ·Salaries & Wages ·Hours worked Example: Salary Bob Smith $5,324.75 (168 hrs.) Ann Brown $1,245.52 (34 hrs.) Benefits $1,750.35 Note: Salaries and benefits must be broken out as separate line items. Expenditure Category Equipment ($5,000 or more) Low-Risk A-19 and a detailed GL expenditure report. Moderate-Risk A-19 and a detailed GL expenditure report with DOH preapproval. High-Risk A-19 and a detailed GL expenditure report with DOH preapproval and copy of the invoice. Expenditure Category Materials and Supplies Low-Risk A-19 and a detailed GL expenditure report Moderate-Risk A-19 and a detailed GL expenditure report. Copies of invoices for transactions over $2,500. Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation. High-Risk A-19 and a detailed GL expenditure report. Copies of invoices for transactions over $1,000. Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation. Expenditure Category Outreach Materials All outreach materials must be allowable according to grant terms and conditions. Low-Risk A-19 and a detailed GL expenditure report. Moderate-Risk A-19 and a detailed GL expenditure report. Pre-approval required for all outreach materials in excess of $2,500. High-Risk A-19 and a detailed GL expenditure report. Pre-approval required for all outreach materials in excess of $1,000: AND ·Sample of Outreach materials Expenditure Category Meals Low-Risk A-19 and a detailed GL expenditure report and receipt. Moderate-Risk A-19 and a detailed GL expenditure report with receipt and number of participants or meeting invite. High-Risk A-19 and a detailed GL expenditure report with receipt, number of participants and sign in roster. Expenditure Category Travel Low-Risk A-19 and a detailed GL expenditure report. Moderate-Risk A-19 and a detailed GL expenditure report and purpose of travel. High-Risk A-19 and a detailed GL expenditure report and purpose of travel: AND ·Pre-approval for out of state travel. Expenditure Category Training Low-Risk A-19 and a detailed GL expenditure report. Moderate-Risk A-19 and a detailed GL expenditure report and receipt for training. High-Risk A-19 and a detailed GL expenditure report and receipt for training: AND ·Agenda Expenditure Category Contracts (If the DOH subrecipient is contracting out with an agency to perform work charged to the grant) Low-Risk A-19 and a detailed GL expenditure report. Moderate-Risk A-19 and a detailed GL expenditure report that provides: AND ·Invoices for individual transactions over $5,000. High-Risk A-19 and a detailed GL expenditure report that provides: AND ·Invoices for individual transactions over $1,000. Expenditure Category Sub-Sub recipients (If the DOH subrecipient is passing funds through to another agency as a subrecipient) Low-Risk A-19 and a detailed GL expenditure report. Moderate-Risk A-19 and a detailed GL expenditure report. ·A copy of all invoices over $5,000 with a detailed GL report. High-Risk A-19 and a detailed GL expenditure report. ·A copy of all invoices over $1,000 with a detailed GL report. NOTE: Indirect costs included on A19s must include verification of the following: Indirect plan is current and on file with DOH Indirect rate is being applied accurately to allowable expenditures If the indirect cost rate plan has expired, no indirect costs can be charged If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2025-022 The Department of Health did not have adequate internal controls over and did not comply with reporting requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases and the Immunization Cooperative Agreements programs. Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements 93.268 COVID-19 Immunization Cooperative Agreements 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases 93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: Too numerous to list Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-033 Background The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects and provides special appropriations in response to infectious disease emergencies. For the ELC program, the Department spent more than $99 million in federal grant funds during fiscal year 2025. The Department of Health also administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2025, the Department spent more than $40 million in federal program funds for the Immunization program and received more than $114 million in noncash assistance from the federal grantor in the form of vaccines. For each open grant the Department is required to submit an annual SF-425 Federal Financial Report (SF-425) to the federal grantor to report the financial status of the award. These reports summarize key financial information including revenue, unobligated balances, and direct and indirect expenditures, and is intended to reflect the recipient’s actual financial position as of the reporting date. The Department maintains the Grant Management System (GMS) that it uses to calculate cash draw amounts and pull financial data needed to complete the SF-425 reports. The Department also uses the Cost Allocation System (CAS) to calculate indirect costs associated with expenditures. The Department uses these systems as agency-wide tools to manage all its federal grants. Daily, federal grant revenue and expenditures are automatically uploaded from the Department’s accounting system into its AFRS Data Distribution Services (ADDS) database. Department staff can pull data from ADDS by running queries in GMS and CAS. The Department also maintains a chart of accounts system that feeds coding information into GMS and CAS to instruct these systems how to allocate grant expenditures. Department staff generate a report from GMS that provides the necessary information to complete a SF-425 report. Certain portions of the SF-425 are prepopulated or supported by information already captured within federal or agency financial systems, grantees remain responsible for ensuring the report is complete, accurate and based on current accounting records. Federal grantors use the SF-425 to monitor award activity, assess remaining funding availability and evaluate compliance with financial reporting requirements. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over reporting for the Immunization program. The prior finding number was 2024-033. Description of Condition The Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC and Immunization programs. Since the Department’s internal controls reviewed are a centralized process, our testing included all its federal programs we reviewed for reporting requirements for this audit. GMS Automated Control The Department’s preparation of the SF-425 reports relied on data compiled through the GMS, which automatically aggregates expenditures and revenues using information transferred from AFRS and indirect costs calculated through the CAS. As described in a separate audit finding related to cash management, we identified a significant deficiency in controls over the accuracy and review of data used by GMS, including weaknesses related to chart of accounts coding and indirect cost calculations. These control deficiencies affected the reliability of information used to prepare the SF-425 reports. See finding 2025-007 for additional details. SF-425 Reports We used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 43 SF-425 reports submitted for the ELC and Immunization programs during state fiscal year 2025. We reviewed the reports and found five (38%) in which the Department did not accurately report unobligated balances. Instead of reporting currently obligated and unobligated totals, the Department reported the awards as fully obligated. We consider these internal control deficiencies to be material weaknesses, which led to material noncompliance. These issues are also noted in finding 2025–006. Cause of Condition The Department did not have adequate internal controls in place to ensure the data used to complete reports was accurate and complete. The Department also did not have adequate controls in place to detect coding errors that would result in it using incorrect data for reports. Coding errors in the chart of accounts resulted in the Department reporting inaccurate amounts for the grant. Staff also inappropriately reported unobligated federal funds as obligated on the reports. Effect of Condition Not implementing adequate internal controls led to the Department reporting inaccurate amounts on the SF-425 for federal grants. Without accurately reporting unobligated balances on the SF-425, the Department’s financial reporting did not reflect the current award status for the ELC program. This misreporting could mislead the federal grantor regarding the Department’s actual use of funds. Without an accurate SF-425, the federal grantor is unable to make informed decisions regarding the grant. This condition limited the ability to rely on interim financial reporting as a monitoring tool and increased the risk that federal oversight and decisions were made based on incomplete or inaccurate information. Recommendation We recommend the Department: Implement adequate internal controls to ensure data used for the SF-425 is complete and accurate Follow federal guidance when completing SF-425 reports to ensure it fills out reports correctly Department’s Response The Department acknowledges the need to strengthen internal controls over financial reporting for the Epidemiology and Laboratory Capacity (ELC) and Immunization Cooperative Agreements programs. The Department recognizes the importance of maintaining effective internal controls over the systems and processes used to prepare SF-425 Federal Financial Reports, including data inputs, coding structures, indirect cost allocations, and review procedures. While processes were in place to support reporting, the Department has identified opportunities to enhance oversight, validation, and documentation to ensure continued compliance with federal reporting requirements. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75 Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 Part 75 section 341, Financial reporting, states: Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting. Title 45 Part 75 section 516, Audit findings, establishes reporting requirements for audit findings. CDC General Terms and Conditions for Research Grant and Cooperative Agreements, states in part: Annual Federal Financial Report (FFR, SF-425): The Annual Federal Financial Report (FFR) SF- 425 is required and must be submitted no later than 90 days after the end of the budget period in the Payment Management System. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-023 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Epidemiology and Laboratory Capacity for Infectious Diseases program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases 93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: Too numerous to list Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-041 Background The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $99 million in federal grant funds during fiscal year 2025, more than $20 million of which it disbursed to subrecipients. Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. To monitor its compliance with these requirements, the Department uses an Excel spreadsheet to track subrecipients’ single audits. Federal regulations also require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the ELC program received required single audits and appropriately followed up on findings and issued management decisions. The prior finding numbers were 2024-041 and 2023-049. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure its subrecipients of the ELC program received required single audits, and that it appropriately followed up on findings and issued management decisions. The Department did not have written policies or procedures over its process for tracking subrecipients’ single audits. To monitor compliance with these requirements, the Department used an Excel spreadsheet to track subrecipients’ single audits and the agency’s follow-up actions, if necessary. However, after examining the spreadsheet, we found seven subrecipients that required audit tracking were missing. We reviewed the federal audit clearinghouse and found the following information for the subrecipients that were not tracked by the Department: One subrecipient had no audit submitted. Two subrecipients had completed single audits after the required deadline. Four subrecipients had completed single audits before the deadline. During fiscal year 2025, one subrecipient received an ELC finding, which the Department documented in the tracking spreadsheet. However, the spreadsheet did not document any follow-up with the subrecipient or review of a corrective action plan. In addition, the Department did not issue a management decision letter for the finding, and the tracking spreadsheet did not document any management decision. We consider these internal control deficiencies to be material weaknesses, which led to material noncompliance. Cause of Condition There were no written procedures for the single audit tracking process. Management said they were working to define the process and training staff around the monitoring requirements. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure all subrecipients requiring a single audit obtain one, and that subrecipients with audit findings receive required management decisions timely. Recommendation We recommend the Department strengthen internal controls to ensure: It verifies all subrecipients receive a single audit, if required It issues all required management decisions to subrecipients within six months, for applicable audit findings pertaining to the federal award Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award Department’s Response The Department agrees that opportunities exist to further formalize documentation and enhance consistency in tracking subrecipients’ single audits and related follow-up activities for the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. Accordingly, the Department is taking steps to strengthen written procedures, documentation standards, and supervisory review. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part: All pass-through entities must: d.Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. 3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by section 75.521. f.Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in section 75.501. h.Consider taking enforcement action against noncompliant subrecipients as described in section 75.371 and in program regulations. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-024 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program. Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases 93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: Too numerous to list Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-040 Background The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $99 million in federal grant funds during fiscal year 2025, more than $20 million of which it disbursed to subrecipients. Federal regulations require the Department to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial reports and taking timely and appropriate action on all deficiencies pertaining to the federal award. The Department assigns each subrecipient a compliance risk level based on standardized criteria. Subrecipients are monitored using a risk-based approach, with high-risk subrecipients being monitored more frequently. This process varies slightly for Local Health Jurisdictions (LHJ). LHJs are subrecipients that are contracted to provide a range of health services. Unlike other contracted subrecipients, LHJs receive fiscal monitoring every two calendar years. Management ensures on-site fiscal reviews are completed timely by maintaining a schedule that includes all subrecipients, their date of prior review, and risk level. This schedule is updated bimonthly to ensure completed on-site reviews are documented and any new subrecipients are included in the schedule. The Department’s Fiscal Monitoring Unit (FMU) conducts on-site fiscal reviews of all subrecipients, including LHJs. Reviewers complete a standardized template to document their work. Using the subrecipient’s reimbursement requests, reviewers judgmentally determine how many samples of payroll and other expenditures to review to ensure there is adequate supporting documentation. Reviewers also look at internal controls over processes and examine specific award and contract requirements to ensure the subrecipient was in compliance with these requirements. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the ELC program. The prior finding numbers were 2024-040, 2023-050 and 2022-033. Description of Condition The Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the ELC program. We requested a list of all subrecipients for the state fiscal year 2025 period and the Department provided a monitoring schedule. During the audit we identified 27 subrecipients with consolidated contracts and 10 subrecipients with non-consolidated contracts for a total of 37 subrecipients that received ELC funding during fiscal year 2025. After reviewing the Department’s monitoring schedule, we noted the following: The monitoring schedule was not updated for the audit period until three months after the start of the fiscal year. The schedule was not updated on a bi-monthly basis, as originally indicated by staff. The schedule was initially missing eight ELC subrecipients. These subrecipients were added to the spreadsheet by the end of the fiscal year. The ELC program was not listed as a program to review for most of the ELC subrecipients listed in the schedule. We also determined that the Department did not complete fiscal reviews for all of the ELC subrecipients on the schedule. The Department should have completed fiscal monitoring for ten LHJs and seven non-LHJ ELC program subrecipients listed in the spreadsheet during the audit period. However, only nine LHJs and six non-LHJ subrecipients received fiscal monitoring. Two subrecipients (11.7%) did not receive fiscal monitoring during the fiscal year. We consider these internal control deficiencies to be material weaknesses, which led to material noncompliance. Cause of Condition Management did not implement sufficient internal controls to ensure that subrecipients were properly identified and monitored. In addition, the Department performs centralized monitoring and decided not to include all programs in their monitoring visits. However, management felt it was sufficient to meet federal monitoring requirements even though federal law requires monitoring specific to each federal program. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward. Recommendations We recommend that the Department: Identify and track all subrecipients Strengthen internal controls to ensure that fiscal monitoring is completed timely for all subrecipients Department’s Response The Department respectfully disagrees with the conclusion that it lacked adequate internal controls or failed to comply with fiscal monitoring requirements for the ELC program and further disagrees with the characterization of these matters as material weaknesses resulting in material noncompliance. The Department has established a centralized Fiscal Monitoring Unit, a documented risk-based monitoring framework, standardized review tools, and procedures designed to comply with federal requirements. These controls were in place and operating during the audit period. At no time during the audit period were subrecipients operating without oversight, nor was there any identified misuse of funds, questioned costs, or programmatic noncompliance resulting from the issues described. The matters noted relate primarily to administrative tracking documentation and internal scheduling practices rather than a breakdown of fiscal monitoring controls. Monitoring Schedule Updates While the audited monitoring schedule was formally updated three months into the fiscal year, monitoring activities were ongoing during that period. The schedule is also not created and maintained on a fiscal year cycle. The timing of updating the centralized tracking document did not delay or prevent required oversight procedures. The schedule serves as an administrative control and is only one piece of control structure. The control activity is the performance of monitoring procedures, which continued throughout the fiscal year. Similarly, although the schedule was not updated on a strictly bi-monthly basis as initially described by staff, the manager did review executed contracts monthly and only updated the spreadsheet when additional contracts were identified. There is no regulatory requirement mandating a specific update frequency for internal tracking tools. Variances in update cadence did not result in missed monitoring requirements. Subrecipients Initially Missing from the Schedule The eight subrecipients initially omitted from the spreadsheet were subsequently incorporated during the fiscal year. The processes utilized by the department are to update the subrecipients included on the spreadsheet when new contracts are executed. These entities were not excluded from oversight; rather, the centralized tracking document was updated when contracts were executed. Program Identification Within the Schedule The absence of explicit “ELC” program labeling within certain monitoring schedule fields does not indicate that the ELC program was not reviewed. When staff are assigned a monitoring visit, they are required to incorporate all active contracts into the review. Monitoring procedures are performed based on funding sources and risk assessments tied to all underlying contracts, including consolidated agreements. The documentation format of the spreadsheet does not negate the execution of a compete fiscal review Fiscal Monitoring Completion Rate The audit notes that two of seventeen required subrecipients (11.7%) did not receive fiscal monitoring within the fiscal year. While the Department acknowledges that one LHJ and one non-LHJ subrecipient were not monitored within the originally projected fiscal year timeframe, this represents a timing issue rather than a systemic control failure. Monitoring for these entities was addressed through alternative oversight mechanisms and/or scheduled in the subsequent monitoring cycle based on risk assessment and available resources. Neither subrecipient was missed, instead there were strategic discussions and considerations when assigning the reviews. Importantly: The majority (88.3%) of required subrecipients received fiscal monitoring during the audit period. There were no findings of questioned costs, fraud, waste, abuse, or improper expenditures associated with the two entities. There is no evidence demonstrating that the delay resulted in material noncompliance with federal requirements. Material Weakness Determination A material weakness requires a reasonable possibility that a material misstatement or material noncompliance would not be prevented or detected in a timely manner. The conditions described do not meet that threshold. Oversight mechanisms were functioning, subrecipients were subject to monitoring procedures, and no material compliance issues were identified as a result of the administrative deficiencies noted. The Department therefore maintains that: · The issues cited represent documentation and process standardization improvements. · Internal controls over fiscal monitoring were operational and effective. · The condition does not rise to the level of material weakness; and · The evidence does not support a conclusion of material noncompliance. Commitment to Process Enhancements Notwithstanding this disagreement, the Department recognizes opportunities to strengthen documentation controls and tracking standardization. Auditor’s Remarks The key control provided by the Department to ensure material compliance with this requirement was the use of its monitoring tracking workbook. This document should include the monitoring efforts for all subrecipients; however, it was incomplete and missing subrecipients for much of the audit period. These subrecipient contracts were not executed during the audit period but were in place before it began. Monitoring should have been documented for them for the entire period. Monitoring was not completed bi-monthly as indicated by staff, and written policies and procedures for how often tracking should be updated do not exist. While there is not a mandatory frequency at which subrecipients must be monitored, nor is there a requirement for how often tracking must be updated, the Department must comply with its own policies and procedures governing subrecipient monitoring. Additionally, the Department cannot rely on the monitoring efforts of other agencies to meet its monitoring obligations to subrecipients. In our judgment, these conditions resulted in a material weakness which led to noncompliance. We reaffirm our finding and appreciate the Department’s commitment to strengthening its documentation and tracking. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass-through entities. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-025 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to child care providers paid with Temporary Assistance for Needy Families funds were allowable and properly supported. Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2401WATANF; 2501WATANF Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $2,296 Prior Year Audit Finding: Yes, Finding 2024-042 Background The Department of Social and Health Services (DSHS), Community Services Division, administers the Temporary Assistance for Needy Families (TANF) grant that provides temporary cash assistance for families in need. To receive TANF benefits, participants must be engaged in activities listed in the Individual Responsibility Plan through the WorkFirst program, unless the TANF benefits are received only on behalf of a child. TANF grant funds are also used to pay clients’ child care costs to meet one of the program’s primary purposes of helping clients obtain employment. Washington has established the Working Connections Child Care (WCCC) program to help eligible working families pay for child care. The Department of Children, Youth, and Families (the Department) administers the program. The Department is responsible for establishing policies and procedures for licensing child care providers and paying them for allowable child care services. DSHS reimburses the Department for child care services it provides to TANF eligible clients under an agreement between the two agencies. In fiscal year 2025, DSHS paid $67,701,321 in TANF funds for child care services. There are three types of child care providers: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends, and Neighbor (FFN) providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. DSHS worked with the Department to set up coding in the Payment Allocating Model system that looks at the client-level information and then assigns the correct TANF source of funds. Once the source of funds is identified, that information is sent to SSPS for allocation assignment. The Department prepares electronic reports that include details to ensure proper support for funds allocated to TANF funding sources and sends DSHS a monthly bill. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funding properly. Both the CCDF and TANF block grants fund some payments the Department makes for child care. While the two federal programs are separate, the requirements and policies for child care payments in Washington are consolidated under the WCCC program. Federal regulations require grant fund expenditures to be adequately supported to show that they have been used in accordance with program requirements. Authorizations for child care To be authorized for child care services, parents must be determined to be eligible based on their income, residency and demonstrated need based on approved activities. Once parents are determined to be eligible, the Department authorizes the amount of care based on the hours a parent participates in approved activities. For licensed centers, the service levels are generally either 23 full-day units (up to 10 hours a day) or 30 half-day units (up to five hours a day), or 46 half-day units during the months of June, July and August, when authorizing care for households with more than 110 hours of activity. Care is authorized based on need when approvable activities are less than 110 hours. When more than 10 hours a day of care is needed, the Department may authorize additional care for overtime. For licensed family homes, providers are authorized monthly units of care either as full-time, part-time, full-time partial-day, or part-time partial-day. FFN providers are paid by the hour, and authorizations are made for either part-time care (up to 110 hours a month) or full-time care (up to 230 hours a month). When more than 10 hours a day of care is needed, the Department may authorize additional care for overtime. Attendance records Child care providers must maintain attendance records to support their billing. All child care providers must use the Department’s electronic attendance recordkeeping system, a Department-approved electronic attendance recordkeeping system or receive an exception to rule to allow for paper attendance records. The attendance record requirement is the same for all providers. How the provider claims for payment varies depending on the provider type: Licensed center providers claim eligible units per month. Licensed family home providers claim eligible monthly unit(s). FFN providers claim eligible hours per month. To ensure payments are allowable and accurate, the Department conducts data analysis and audits payments. The Department’s subsidy audit unit, which is composed of six provider auditors, reviews payments each month using both random sections and focused referrals. The subsidy audit unit receives focused referrals from other divisions and programs within the Department. Department staff prepare audit request letters and mail them to providers who have 45 days to respond with records. The provider auditors review the records to determine whether the payments are properly supported. Federal regulations require the state to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported. The prior finding numbers were 2024-042, 2023-051, 2022-035 and 2021-028. Description of Condition The Department did not have adequate internal controls to ensure payments to child care providers paid with TANF funds were allowable and properly supported. We used a statistical sampling method to randomly select and examine 59 out of a total population of 397,102 monthly payments for child care. Our sample included child care payments from each of the three provider types: licensed centers, licensed family homes and FFNs. With assistance from the Department, we requested attendance records, provider handbooks and other required receipts from providers that supported the payments. We reviewed each provider’s records to determine if the payments were allowed by federal and state regulations, Department policies and supported by adequate documentation. We found three payments funded by the TANF grant that were noncompliant. The Department improperly paid $2,296 in federal TANF funds to these three providers. The reasons the overpayments occurred were: Two providers did not submit attendance records in response to our request One provider overbilled for services not supported by attendance records While the Department has written procedures over its post-payment audit process, the procedures need improvement. The Department has a Child Care Subsidy Programs Integrity Plan that was most recently updated in February 2024. In the plan, the Department stated the frequency of billing and attendance audits is 240 per month. Program staff said that their goal was to complete these audits within four to six months after the month of service. We reviewed the results of the Department audits that occurred during the audit period which were: The Department completed 2,228 audits during the year. The Department’s post-payment audits were not timely. Most of the audits took place between six months and a year after the month of service. For four months of the year, the Department reviewed about 100 audits per month instead of 240 in its plan. The Department identified overpayments in 1,493 of the 2,228 (67%) post-payment audits it completed during the year. In total, the Department itself identified $2,185,753 in provider overpayments, or 22% of the payments it audited. The Department said these overpayments were submitted to the Department of Social and Health Services, Office of Financial Recovery (OFR), for collections. Providers are allowed due process via administrative hearing following this formal notification. The Department also has a written Quality Control Provider Audit Procedure. This procedure states that six audit staff are to select both random and focused, or risk-based providers to audit. However, the procedures do not describe the specific methods or factors used by staff to make these selections. We consider these internal control deficiencies to be a significant deficiency, which did not lead to material noncompliance. Cause of Condition The Department does not review supporting documentation to verify a payment request is allowable and supported before payment. Payment authorizations establish a maximum for what providers may bill without further approval, but this does not prevent providers from billing for unallowable days, hours or services. The Department said adequate resources are not available to review documentation before payments are made. Until SSPS is connected to attendance reporting systems, providers must maintain attendance records and submit supporting documentation when it is requested. The Department’s post-payment audits consistently identify provider overpayments, which is a detective control. However, management has not implemented internal controls that sufficiently prevent overpayments. The Department said the reason only 100 audits were performed for four months of the year was due to a lack of staffing resources. Effect of Condition and Questioned Costs By not having adequate internal controls in place, the Department increases its risk of making improper payments for child care services. We used a statistical sampling method to randomly select the payments examined in the audit. Based on the results of our testing, we estimate the total likely questioned costs paid with federal TANF funds to be $9,878,930. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely questioned cost projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 2 CFR 200.516(a)(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department strengthen its internal controls over payments it makes to child care providers. Specifically, the Department should: Update its written procedures to better describe its post-payment audit process. This should include a description of how staff select random and focused providers to audit. Provide additional resources to fully execute its Child Care Subsidy Program Integrity Plan. Based on its own audits and the results of our statistical sampling in this audit, the Department should consider expanding its audit effort until it is able to implement pre-payment controls. Link its payment and attendance reporting systems to prevent making payments that lack required supporting documentation. The Department should also: · Follow up with the providers that did not respond to requests for records during this audit. · Consult with the grantor to discuss whether the known questioned costs identified in this audit should be repaid. Department’s Response The Department agrees with the three exceptions identified by the State Auditor’s Office (SAO) as part of their testing of attendance records and documentation from providers. In February 2026, overpayments were written for the exceptions identified by SAO and submitted for recovery to the Department of Social and Health Services, Office of Financial Recovery (OFR). The Department requires additional funding to increase the number of monthly provider audits completed, or to fund an information technology solution and system linkage between the payment and all of the electronic attendance systems used by providers. Even with data system connections the Department will need significant resources to increase the number of payments reviewed. The Department’s current oversight is limited to the audit capacity of its six quality-assurance (QA) auditors for approximately 397,102 monthly child care payments as noted by SAO. The Department employs automated system controls in the Social Services Payments System (SSPS) to limit provider authorizations to the maximum amount of care a child is eligible to receive and claim. The detective internal controls, post-payment audits, implemented by the Department are designed to detect errors and assure prompt correction of these errors. The QA auditors are identifying billing and electronic attendance system errors, identifying program weaknesses to be proactive to prevent future errors, analyzing data to update provider training materials and policies/procedures, and providing technical assistance to providers to reduce billing errors. Providers have reported appreciation of direct communication with the QA auditors through the technical assistance process. Quality-Assurance Audits SAO Description of Condition: The Department’s post-payment audits were not timely. Most of the audits took place between six months and a year after the month of service. oDepartment Response: The Child Care Subsidy Programs Integrity Plan was updated 7/1/2025 but was not considered for this audit because it was outside the audit period being tested by SAO. oDepartment Response: Child care providers are allowed to claim for payments up to 3 months following the month of service. In addition, a provider has 45 days to provide records to the Department for the month of service being requested. Based on these legal requirements the Department has revised the Child Care Subsidy Programs Integrity Plan to reflect a more accurate goal of 6-12 months for audit completion. SAO Description of Condition: For four months of the year, the Department reviewed about 100 audits per month instead of 240 in its plan. oDepartment Response: During the time period outlined above the Department had one vacant position. The remaining five QA auditors processed and completed 100 monthly audits. In addition to reviewing documents for compliance, the QA auditors also work with providers daily to provide technical assistance by reviewing billing rules to help the providers comply with Department billing policies. These activities are focused on educating providers about child care subsidy rules to assist with reduction of billing errors in the future. oDepartment Response: As noted above, the Department requires additional funding to increase the number of monthly provider audits completed, or to fund an information technology solution and system linkage between the payment and all of the electronic attendance systems used by providers SAO Description of Condition: The Department identified overpayments in 1,493 of the 2,228 (67%) post-payment audits it completed during the year. oDepartment Response: Billing errors identified during the QA audit period included not providing attendance records, missing signatures, general billing mistakes, and incorrectly using an electronic attendance system. As part of the administrative hearings process, a provider may request a hearing from Department of Social and Health Services (DSHS). At these hearings the providers may submit attendance records or receipts that were not previously provided to the Department and have the overpayments reduced or removed completely. oDepartment Response: Since 2018, the Department has supplemented random audits with focused audits. The Department is in process of increasing monthly focused audits received from referrals or providers identified with an Intentional Program Violation (IPV). The remaining audit capacity incorporates random audits to meet the monthly target and ensure unbiased program oversight. SAO Description of Condition: In total, the Department itself identified $2,185,753 in provider overpayments, or 22% of the payments it audited. oDepartment Response: When overpayments are identified the Department writes an overpayment letter and provides it to the DSHS Office of Financial Recovery (OFR). OFR then sends the letter to the provider for recovery. Providers are allowed due process via administrative hearing following this formal notification. oDepartment Response: In fiscal year 2025, OFR recovered provider overpayments in the amount of $2,426,515.27. This amount may be inclusive of overpayments from previous fiscal years. As to the auditor’s specific recommendations, the Department provides the following additional information: SAO Recommendation: Update its written procedures to better describe its post-payment audit process. This should include a description of how staff select random and risk-based providers to audit. o Department Response: The Department is in the process of updating and improving quality assurance audit procedures. The current procedures provide an outline and high-level overview while the specific details are completed by the quality control specialists and their supervisor. The procedures state that the six QA auditors are assigned both random and focused providers to audit. Random audits are determined by the use of a random number generator. QA auditors also perform focused audits based on referrals from licensing, OFR, or program staff. However, the procedures do not describe the specific methods or factors used by the Department to make the selections. The updated procedures will provide detail on how cases are selected and assigned for the monthly audit totals. This update is in addition to the Child Care Subsidy Programs Integrity Plan which outlines the program integrity efforts. SAO Recommendation: Provide additional resources to fully execute its Child Care Subsidy Program Integrity Plan. Based on its own audits and the results of our statistical sampling in this audit, the Department should consider expanding its audit effort until it is able to implement pre-payment controls. o Department Response:The Department agrees this would increase provider payment integrity. The Department will need investment to increase the number of staff who audit provider payments or significant investment in an information technology platform that allows a pre-payment review of all payments. The Department also recognizes that electronic attendance systems require manual input for tracking and is not a preventative internal control by itself. SAO Recommendation: Link its payment and attendance reporting systems to prevent making payments that lack required supporting documentation. o Department Response:The Department agrees this would increase provider payment integrity. The Department will need investment to increase the number of staff who audit provider payments or significant investment in an information technology platform that allows a pre-payment review of all payments. The Department also recognizes that electronic attendance systems require manual input for tracking and is not a preventative internal control by itself. · SAO Recommendation: Follow up with the providers that did not respond to requests for records during this audit. o Department Response:In February 2026, the Department processed overpayments for the exceptions identified by SAO and submitted the overpayments to DSHS OFR for recovery. · SAO Recommendation: Consult with the grantor to discuss whether the known questioned costs identified in this audit should be repaid. o Department Response:When the Department of Health and Human Services (HHS) issues a management decision letter for the fiscal year 2025 finding, the Department will work with HHS and follow the audit resolution process. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. 45 CFR Part 75, section 403, Factors affecting allowability of costs, establishes requirements for the collection of unallowable costs. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Washington Administrative Code (WAC) 110-15-0034 Providers Responsibilities. Child care providers who accept child care subsidies must do the following: 1. Licensed or certified child care providers who accept child care subsidies must comply with all child care licensing or certification requirements contained in this chapter, chapter 43.216 RCW and chapters 110-06, 110-300, 110-300D, 110-300E, and 110-301 WAC. 2. In-home/relative child care providers must comply with the requirements contained in this chapter, chapter 43.216 RCW, and chapters 110-06 and 110-16 WAC. 3. In-home/relative child care providers must not submit an invoice for more than six children for the same hours of care. 4. All child care providers must use DCYF's electronic attendance recordkeeping system or a DCYF-approved electronic attendance recordkeeping system as required by WAC 110-15-0126. Providers must limit attendance system access to authorized individuals and for authorized purposes, and maintain physical and environmental security controls. a. Providers using DCYF’s electronic recordkeeping system must submit monthly attendance records prior to claiming payment. Providers using a DCYF-approved electronic recordkeeping system must finalize attendance records prior to claiming payment b. Providers must not edit attendance records after making a claim for payment 5. All child care providers must complete and maintain accurate daily attendance records. If requested by DCYF or the state auditor, the provider must provide to the requesting agency the following records: a. Attendance records must be provided to DCYF within 45 calendar days of the date of a written request from either department; and b. Attendance records must be provided to the state auditor’s office within 30 calendar days from the date of a written request 6. Pursuant to WAC 110-15-0268, the attendance records delivered to DCYF may be used to determine whether a provider overpayment has been made and may result in the establishment of an overpayment and in an immediate suspension of the provider's subsidy payment. 7. All child care providers must maintain and provide receipts for billed field trip/quality enhancement fees as follows. If requested by DCYF, the provider must provide the following receipts for billed field trip/quality enhancement fees: a. Receipts from the previous 12 months must be available immediately for review upon request by DCYF; b. Receipts for one to five years old must be provided within 28 days of the date of a written request from either department. 8. All child care providers must: a. Retain all records required by this chapter for a minimum of five years b. Provide to the department records from the previous 12 months immediately upon the department’s written request c. Provide to the department any records between 12 months and five years old within two weeks of the department’s written request 9. All child care providers must collect copayments directly from the consumer or the consumer’s third-party payor, and report to DCYF if the consumer has not paid a copayment to the provider within the previous 60 days 10. All child care providers must follow the billing procedures required by DCYF Washington Administrative Code (WAC) 110-15-0190 WCCC benefit Calculations 1. DCYF determines the amount of care consumers may receive at application or reapplication. Once the care is authorized, the amount will not be reduced during the eligibility period unless a. Consumers request reductions; b. The care is for school-aged children c. The authorization was for additional care needed for less than the entire length of the authorization period d. The care was authorized by child protective services (CPS) or child welfare services (CWS) and is part of children’s case plans under WAC 110-15-4510 e. Incorrect information was given at application or reapplication 2. For parents age 21 years or younger who are attending high school or working towards completing a high school equivalency certificate, DCYF will authorize care based only on their student activity schedules. 3. To determine the amount of weekly hours of care needed, DCYF reviews the child care scheduled with providers, and: a. Consumers’ participation in approved activities and the number of hours their children attend school, including home school, which will reduce the amount of care needed; or b. The days and times that approved activities overlap in a two parent or guardian household, and only authorize care during those overlapping times. Consumers are eligible for full-time care if overlapping care totals 110 hours in one month c. Parents or guardians in two parent or guardian households who are not able to care for their children under WAC 110-15-0020 are considered by DCYF to be unavailable for care, regardless of their schedules 4. Licensed or certified center child care is authorized as follows: a. Full-time monthly unit of care, equal to 22 full day units, is authorized when: i. WCCC or SCC consumers participate in approved activities at least 110 hours per month or full-time care is determined to be appropriate and included in a CPS or CWS case plan; and ii. Their children have scheduled care with a single provider at least 110 hours per month b. Part-time monthly unit of care, equal to the actual anticipated full- and half-day units of care needed averaged over a 12-month period, is authorized when the care scheduled with providers is less than 110 hours per month c. Part-time partial-day monthly unit is authorized when school-age children attend care in a licensed family home and meets the criteria in subsection (5) of this section 5. Licensed family home child care is authorized as the following monthly units of care: 6. Additional monthly units of care may be authorized when: a. Consumers request an authorization for additional care; b. The need for care is verified; c. The care is needed to supplement an existing monthly unit for unexpected care needed for an approved activity limited to the time frame needed, not to exceed three months; d. For actual anticipated overtime when the overtime is included when determining eligibility for child care; or e. For sleep time 7. Full-time partial-day monthly unit. A single partial-day monthly unit equal to 17 partial days and five full days is authorized for school-age children attending a licensed family home child care when consumers have at least 110 hours of approved activity per month, and their children are: a. Authorized for care with only one provider; b. Scheduled for care of 110 hours or more in July and August; c. In care less than five hours on a typical school day; and d. Need care before and after school. 8. When determining part-time care for families using licensed providers when their activity or amount of care needed is less than 110 hours per month: a. A full-day unit is calculated for each day of care of at least five hours; b. A half-day unit will be calculated for each day of care that is less than five hours; and c. A partial-day unit is calculated for each day of care in a licensed family home when: i. Their children are in care before and after school; and ii. The total care for the day is less than five hours. 9. Full-time care for families using in-home/relative providers is authorized when consumers participate in approved activities at least 110 hours per month: a. Two hundred thirty hours of care are authorized when their children are in care five or more hours per day; b. One hundred fifteen hours of care is authorized when their children are in care less than five hours per day; c. One hundred fifteen hours of care is authorized during the school year for school-aged children who are in care less than five hours per day and their providers are authorized for contingency hours each month, up to a maximum of 230 hours; d. Two hundred thirty hours of care is authorized during the school year for school-aged children who are in care five or more hours in a day; and e. Supervisor approval is required for hours of care than exceed 230 hours per month 10. Care cannot exceed 16 hours per day, per child 11. When determining part-time care for families using in-home/relative providers: a. Under the provisions of subsection (2) of this section, DCYF authorizes the number of hours of care needed per month when the activity is less than 110 hours per month; and b. The total number of authorized hours and contingency hours claimed cannot exceed 230 hours per month. 12. DCYF determines the allocation of hours or units for families with multiple providers based upon the information received from the parents or guardians 13. DCYF may authorize more than the state rate and up to the provider’s private pay rate if: a. The parent or guardian is a WorkFirst participant; and b. Appropriate child care, at the state rate, is not available within a reasonable distance from the approved activity site. “Appropriate” means licensed or certified child care under WAC 110-15-0125, or an approved in-home/relative provider under WAC 110-16-0010. “Reasonable distance” is determined by comparing distances other local families must travel to access appropriate child care. 14. Other feeds DCYF may authorize to a provider are: a. Registration fees; b. Field trip fees; c. Nonstandard hours bonus; d. Overtime care to licensed providers when care is expected to exceed 10 hours in a day when consumers are eligible and authorized; and e. Special needs rates for a child
2025-026 The Department of Social and Health Services did not have adequate internal controls to ensure only eligible clients received cash benefits under the Refugee and Entrant Assistance program and improperly charged $4,440 to the program. Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance - State Administered Programs Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2301WARCMA-01; 2301WARCMA-02 2401WARCMA-03; 2401WARCMA-04 2501WARCMA-00 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Eligibility Known Questioned Cost Amount: $4,440 Prior Year Audit Finding: No Background The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement. The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) grants, as well as Refugee Support Services. Specifically, CMA covers Refugee Cash Assistance (RCA), Refugee Medical Assistance (RMA), Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RCA and RMA are intended for individuals who are ineligible for Temporary Assistance for Needy Families (TANF) or Medicaid. In Washington, the Department of Social and Health Services administer the state’s Refugee and Entrant Assistance programs. In fiscal year 2025, the Department spent about $83.7 million in federal program funding, including more than $11.4 million to people for Cash Assistance benefits. DSHS determines eligibility of a client for the RCA program using its Automated Client Eligibility System (ACES). Clients apply online or through a Community Services Office. Public Benefit Specialists are responsible for collecting immigration documentation (e.g., I-94, USCIS records, or certification letters from the Office on Trafficking in Persons), income verification and household composition information. ACES applies system logic to determine eligibility, calculate household benefit levels and track the 12-month eligibility for RCA recipients. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls to ensure only eligible clients received cash benefits under the Refugee and Entrant Assistance program and improperly charged $4,440 to the program. Program management are expected to run weekly caseload reports from ACES and BARCODE to identify potentially ineligible RCA recipients. A benefit would be flagged when these reports detect an eligibility concern, such as a client exceeding the 12-month RCA limit, receiving duplicate benefits or being coded under the wrong program (for example, minors incorrectly enrolled in RCA instead of TANF). Management is expected to review and document these flagged cases to ensure benefits are only provided to eligible clients. We randomly selected 11 weekly caseload reports out of a total of 52, and found in six instances, there was no evidence indicating a managerial review of the flagged eligibility caseload reports occurred. In addition, the Department did not have policies and procedures to prevent staff from resetting a client’s eligibility date when they left and reentered the country, resulting in benefits being improperly extended. We determined one person improperly received benefits because an eligibility worker improperly revised the original US entry date in ACES when the client reentered the country, inadvertently resetting the client’s eligibility date. ACES uses the US entry date to track the 12-month eligibility for RCA recipients. We consider this internal control deficiency to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition Although DSHS established a control structure requiring weekly caseload monitoring reports, staff did not consistently run or review these reports to ensure only eligible clients received cash benefits under the program. Department staff said some reviews did not occur because the employee responsible for pulling and reviewing weekly caseload reports was out on leave or working a reduced schedule, and other staff stepped in. The absence of a documented backup process or oversight to ensure this control operated consistently weakened its effectiveness. In addition, ACES does not have controls in place to prevent a user from editing the client’s original date of entry into the country. Effect of Condition and Questioned Costs Because of these internal control weaknesses, there is an increased risk that ineligible individuals receive cash benefits. We found that the Department made $4,440 in RCA benefits to an ineligible person. We estimate the total likely questioned costs to be $394,332. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely questioned cost projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 2 CFR 200.516(a)(3). We question costs when an agency has not complied with grant regulations or when there is no adequate documentation to support expenditures. Recommendation We recommend the Department: Strengthen internal controls to ensure staff consistently perform and document weekly caseload monitoring reviews Provide additional training and guidance to staff clarifying that the RCA 12-month eligibility period begins on the original date of entry and does not restart if a client exits and reenters the country Consult with the grantor to determine whether the questioned costs identified in this audit should be repaid Department’s Response The Department concurs with the finding. The Department acknowledges six weekly caseload reports were not reviewed for eligibility errors. Unfortunately, we are unable to retrieve the original, backdated weekly caseload reports. To rectify the lack of managerial oversight for these specific periods, the Department’s Office of Refugee and Immigrant Assistance (ORIA) will take the following corrective action: Request the Department’s ESA Management Analytics and Performance Statistics (EMAPS) team generate a report detailing all eligibility determinations made during the six weeks that lacked review. Thoroughly review the report to identify and immediately correct any eligibility determination errors. Additionally, to strengthen our internal controls and ensure ongoing compliance, the Department will: Develop, document, and implement a comprehensive process to ensure managerial reviews of flagged eligibility caseload reports are completed timely and include a backup process in the absence of the primary reviewer. Develop, document, and implement a formal oversight process to monitor the completion and documentation of managerial reviews of all flagged eligibility caseload reports. This process will include a recurring check or log to ensure 100% compliance. Develop and provide additional training and guidance to eligibility staff clarifying that the Refugee Cash Assistance (RCA) eligibility period begins on the client’s original date of entry and does not restart if a client temporarily exits and subsequently reenters the country. Submit a formal EMAPS work request to develop an RCA flagged eligibility caseload report. In addition to metrics already reviewed, this report must include a metric to flag cases where the US Entry Date field has been modified. If the grantor contacts the Department regarding the questioned costs identified in this finding, the department will consult with the grantor to determine whether repayment is required. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs. Title 45 CFR Part 400, Subpart E, Refugee Cash Assistance, establishes requirements for determining eligibility and the provision of cash assistance to refugees. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-027 The Department of Social and Health Services did not have adequate internal controls to ensure it filed reports on time as required by the Federal Funding Accountability and Transparency Act for the Refugee and Entrant Assistance program. Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2201WARSSS-00; 2301WARSSS-00; 2301WARSSS-01; 2401WARCMA-03; 2401WARCMA-04; 2501WARCMA-00 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-046 Background The Refugee and Entrant Assistance program provides states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement. The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance program. In fiscal year 2025, the Department spent about $83.7 million in federal program funding. Of that amount, the Department passed through almost $62 million to subrecipients. Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Act Subaward Reporting System. Beginning March 1, 2025, the Federal Funding Accountability and Transparency Act Subaward Reporting System transitioned to SAM.gov. The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending. During fiscal year 2025, the Department issued 58 subawards and 91 subaward amendments totaling more than $50.3 million in federal funds to subrecipients that it was required to report. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding numbers were 2023-052 and 2024-046. Description of Condition The Department did not have adequate internal controls to ensure it filed reports on time as required by the Act. We used a statistical sampling method to randomly select and examine 18 subawards out of a total population of 149. We determined the Department did not file 13 out of the 18 subawards (72%) on time. The reports were accurate and complete. We consider these internal control deficiencies to be a significant deficiency. Cause of Condition The Department lacked adequate staffing, which resulted in it submitting FFATA reports late. In April 2025, the FFATA data entry shifted to a different office within the Department to ensure on-time reporting. This office completed a full audit upon receiving the new workload and filed all past-due reports. Effect of Condition Failing to submit the required reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance, including suspending or terminating the federal award or withholding future awards. Recommendation We recommend the Department strengthen internal controls to ensure it submits all required reports on time. Department’s Response The Department concurs with the finding. In response to prior year’s audit finding DSHS 2024-029, the Department implemented a process change to ensure timely and accurate reporting. Effective April 17, 2025, the Department transitioned the reporting responsibility for federal subawards from the Division of Finance and Financial Resources accounting team to the Office of Refugee and Immigrant Assistance (ORIA) program staff. This change places the reporting duty with the personnel closest to the data source. Because this transition occurred late in the 2025 fiscal year, the Department anticipated a repeat finding for the SFY2025 audit period. The full impact of the corrected process will be evident in the SFY2026 audit. To ensure ongoing compliance with FFATA subaward reporting requirements for awards exceeding $30,000, the following control measures have been established: 1.Designated and trained a primary and a backup staff member within the program to collect and report the required information for each subaward. 2.Created a verification process to ensure that subawards and subaward amendments are reported accurately and timely. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part: Appendix A to Part 170 – Award Term I. Reporting Subawards and Executive Compensation (a) Reporting of first-tier subawards — 1.Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward. 2.Reporting Requirements. (i) The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at http://www.fsrs.gov. (ii) For subaward information, report no later than the end of the month following the month in which the subaward was issued. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025). The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-028 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal and departmental requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs. Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2201WARSSS-00; 2301WARSSS-00; 2301WARSSS-01; 2401WARCMA-03; 2401WARCMA-04; 2501WARCMA-00 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-047 Background The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement. The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In Washington, the Department of Social and Health Services’ Office of Refugee and Immigrant Assistance (ORIA) administer the State’s Refugee and Entrant Assistance programs. During fiscal year 2025, the Department spent about $83.6 million in federal program funding, more than $61.8 million of which it passed through to subrecipients. Federal regulations require the Department to monitor the activities of subrecipients to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. This includes reviewing financial and performance reports required by the pass-through entity. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs. The prior finding numbers were 2023-054 and 2024-047. Description of Condition The Department did not have adequate internal controls over and did not comply with federal and departmental requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs. The Department’s Program and Fiscal Monitoring policies require ORIA staff to review caseload reports submitted by subrecipients and document their monitoring activities. During the audit, we found the Department did not have adequate internal controls in place to ensure: All caseload reports are consistently available, accessible and retained so ORIA staff can verify that monitoring occurred Ensure subrecipients clearly identify which clients received direct assistance versus other services so required monitoring can be completed Ensure ORIA staff document all required caseload reviews We identified 1,476 total caseload reports due in the fiscal year 2025. We used a statistical sampling method to randomly select and examine 58 of them. For 53 of the 58 caseload reports examined (91%), we could not determine whether they were reviewed in accordance with the Department’s Program and Fiscal Monitoring policies as there was no documentation showing which clients were reviewed or what program monitoring was performed. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Although the Department began developing new tools and procedures in response to the prior year’s finding, many of these improvements were not fully implemented during the audit period. The Department said it experienced access issues with some caseload reports, which prevented staff from retrieving or reviewing the reports as needed. In addition, ORIA program staff continued to document only cases that required corrections and did not document when reviews were performed, as required. Finally, the Department did not ensure subrecipients consistently identified which clients received direct assistance versus other services. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department cannot reasonably ensure the subrecipient has complied with the terms and conditions of the subaward. Missing, unclear or undocumented monitoring limits the Department’s ability to identify issues, follow up with subrecipients, and ensure federal funds are used appropriately. Recommendation We recommend the Department: Ensure all caseload reports are consistently available, accessible, and retained so ORIA staff can verify that monitoring occurred Ensure subrecipients clearly identify which clients received direct assistance versus other services so required monitoring can be completed Provide clear guidance to staff on documenting eligibility reviews, including documenting when cases are reviewed and correct, not only when corrections are needed Strengthen internal controls to ensure ORIA staff document all required caseload reviews Follow up with subrecipients on missing, incomplete or unclear reports and ensure any issues are corrected Department’s Response The Department concurs with the auditor’s findings. The Department acknowledges the identified deficiencies create a material weakness due to the insufficient subrecipient monitoring that may result in unmonitored services, a lack of documentation to support direct assistance versus other services, and the inability to verify monitoring activities were performed in accordance with policy. The Department’s Office of Refugee and Immigrant Assistance (ORIA) is committed to immediately implementing the following corrective actions to strengthen internal controls and ensure full compliance with all monitoring requirements: 1.Revise ORIA Program Monitoring Procedures to clearly define: a.A mandatory checklist for all program monitoring activities. b.Non-negotiable standards for subrecipients to clearly identify which clients received direct assistance versus other services so required monitoring can be completed. c.Required documentation standards for all caseload reviews. d.Required follow-up with subrecipients on missing, incomplete or unclear caseload reports and ensure any issues are corrected. 2.Develop and deliver mandatory training for all ORIA program monitoring staff on the revised procedures, focusing specifically on: a.Proper caseload report review, retention, and verification procedures. b.The new documentation standards for tracking all services and assistance. 3.Implement a secondary quality assurance (QA) step where an administrator or designated QA officer must review and sign off on a monthly sample of all completed subrecipient caseload reviews. 4.Re-review the 53 caseload reports identified in the audit finding to verify eligibility and document completion of the reviews. Follow-up on any exceptions identified during the review. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes the requirements for all pass-through entities. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Department of Social and Health Services, Administrative Policy 19.50.30, Subrecipient Monitoring, states in part: Policy E. Fiscal and programmatic monitoring must be completed. (See Attachment C – Sample DSHS Subrecipient Fiscal Monitoring Site Visit Tool) Based on the result of the risk assessment, a desk or on-site review must be completed. Each Program has control over the form and content of its risk assessment tools. 1.If the risk assessment shows the entity is of low to medium risk, the entity may not require an on-site review. The following items, if available, must be documented in a desk review: a.Entity’s invoices and documentation (A-19s). b.Entity’s program or service and financial reports. c.Surveys or feedback cards from clients. d.Client complaints. e.Entity’s audit or financial report follow up and ensuring all appropriate action has been taken on all items detected through audits, on-site reviews and any other means. f.Entity’s indirect rate certification (Certificate of Indirect Costs, form 02-568 or plan), if applicable. g.If any of the above are not reviewed within the desk review, supervisor approval and an explanation for the reason the items were unable or immaterial to be reviewed must be included within the desk review assessment tool. 2.If the risk assessment shows the entity is a high risk, an on-site visit is required. The program/division will assign the appropriate staff to conduct the on-site review. On-site reviews must include all items in a desk review. In addition, on-site reviews may include, as appropriate, the following items: a.A review of the delivery of program services. b.Discussions about the subrecipient’s problems and challenges. c.Follow-up on identified problems from previous visits. d.Review of faculty/personnel licensing. e.Review of surveys and inspections performed by outside parties. f.Interview of staff to determine whether they are familiar with the program. g.Inspection of the entity’s facilities and operations. h.Review of and compliance with the entity’s policies and procedures governing service delivery and financial processes. i.Review of the entity’s monitoring/production reports. j.Review of any independent limited scope program audits. k.Verification of performance from outside source (e.g. sub-contractors). l.Review of the entity’s self-risk assessment survey. m.Review of internal controls. n.Review of billing practices. o.Review of allocation of costs. p.Review of timesheets or activity reports. q.Review of financial records. F. Monitoring must be documented. 1.The ACD must be used to document all subrecipient-related monitoring activities. 2.Assigned staff must document all desk or on-site reviews performed. The program manager overseeing the contract is responsible for making sure that items included in the review are documented in the ACD by the end of the contract period. 3.Each program must maintain contract monitoring documentation per General Administration’s retention schedule (Administrative Policy 5.04, Records Retention).
2025-029 The Department of Commerce did not have adequate internal controls over and did not comply with the Cash Management Improvement Act requirements for the Low-Income Home and Energy Assistance Program. Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2101WALWC6, 2201WALIEA, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI, 2501WALIEA Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Cash Management Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories. In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2025, the Department spent more than $70 million on federal funds, about $63 million of which it paid to subrecipients. The LIHEAP program is subject to the Cash Management Improvement Act (CMIA) and is included in the Treasury-State Agreement for Washington. The primary purpose of the CMIA agreement is to ensure states request federal funds when they need them so neither the federal or state governments lose or gain interest revenue. The agreement specifies the funding technique the Department should use when requesting federal funds. The Department shall draw funds semi-monthly, according to the state payroll schedule. When a draw request is prepared, the Department determines the amount to request based on expenditures since its last draw. This amount is verified in a system it maintains called the Contract Management System. All cash draws are submitted into the federal Payment Management System (PMS) to request reimbursement. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with CMIA requirements. The CMIA for LIHEAP states that the Department must make cash draws one day before scheduled paydays throughout the year. We reviewed the timing of these draws made during the fiscal year to ensure the Department met the CMIA timing requirements. We determined there was no cash draw made for one payroll period of the year. We also identified seven cash draws to be noncompliant because the Department made them in the middle of a payroll period. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department stated it was not aware that making additional draws outside of the CMIA timeline was not compliant with federal requirements. For the draws made outside of the payroll period, the Department’s executive leadership requested staff make additional draws due to the uncertainty of receiving future federal funds. In addition, at the end of the state fiscal year, the Department made additional draws to adjust prior draws in PMS between various open awards. For the one draw not completed for a payroll date, program staff requested that the draw not be made at that time because they wanted to expend remaining funds on the Department’s earliest open award before drawing from other grants, but were not confident of the amount to be drawn. Effect of Condition Violations of the CMIA can result in the grantor denying the state payment or credit for the resulting federal interest liability or other sanctions. Delaying federal draw-down requests also results in state funds being advanced longer than necessary and potentially losing interest revenue for the state. Recommendation We recommend the Department establish and follow effective internal controls to ensure it performs cash draws on the schedule specified in the CMIA agreement. Department’s Response The Department acknowledges the Cash Management Improvement Act timeline draw requirements, however, during fiscal year 2024 the state experienced uncertainty regarding availability of federal funds and did not know the Act prevented the Department from making draws in addition to those allowed in the requirements. Leadership approved the higher frequency of draws to ensure we could fund all of the programs expenditures already incurred by subrecipients. The Department now understands the draw timeline requirements for the applicable laws and regulations and will make sure our draw processes mirror those requirements. We thank the State Auditor’s Office for clarifying the requirements. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Washington State’s Agreement pursuant to the Cash Management Improvement Act (CMIA) of 2025, states in part: 6.2.4 The following are terms under which State unique funding techniques shall be implemented for all transfers of funds to which the funding technique is applied in section 6.3.2 of this Agreement. Modified Direct Program Costs - Admin, Payroll, Payments to Providers: The State shall request funds for all direct administrative costs and/or payroll costs, and/or payments made to providers and to support providers. The request shall be made in accordance with the appropriate Federal agency cut-off time specified in Exhibit I. The amount of the funds requested shall be based on the amount of expenditures recorded for direct administrative costs and/or payroll costs and/or payments made to providers or to support providers since the last request for funds. The State payroll cycle is payday twice a month. Draws made the day before payday are for deposit on payday. The draw request will be made in accordance with the cut-off time in Exhibit 1. The amount of the funds requested shall be based on the amount of expenditures recorded for direct administrative costs and/or payroll costs and/or payments made to providers or to support providers since the last request for funds. This funding technique is interest neutral. 6.3.2 Programs 93.568 Low-Income Home Energy Assistance Recipient: Department of Commerce % of Funds Agency Receives: 90 Component: Payments to providers Technique: Modified Direct Program Costs - Admin, Payroll, Payments to Providers Average Day of Clearance: 0 Days
2025-030 The Department of Commerce improperly charged $131,015 to the Low-Income Home Energy Assistance Program. Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2101WALWC6, 2201WALIEA, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI, 2501WALIEA Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Period of Performance Known Questioned Cost Amount: $131,015 Prior Year Audit Finding: Yes, Finding 2024-050 Background The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families (ACF), administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories. In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2025, the Department spent more than $70 million in federal funds, about $63 million of which it paid to subrecipients. Federal regulations require the Department to obligate at least 90% of the LIHEAP block grant funds in the first federal fiscal year in which they are awarded. If funds are left over after the end of the first federal fiscal year, the Department must either return those funds or report to the grantor the amount it intends to carry over and reallot. The Department may carry over up to 10% of the funds payable for obligation no later than the end of the following federal fiscal year. Funds not obligated by the end of the second fiscal year of the award must be returned to ACF. The limits on the period for the expenditure of funds are communicated to award recipients. LIHEAP awards typically have a two-year project period when the Department may obligate funds to subrecipients through subawards and incur administrative costs to execute the award. The subawards define the period of performance for subrecipients to spend these funds. Departmental administrative costs are considered obligated when the expenditure activity occurs. As such, the period of performance for administrative costs aligns with the project period start and end date. If the Department requires more than one year from the project period end date to liquidate allowable costs, it is required to notify the grantor. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits we reported the Department did not have adequate internal controls over and did not comply with period of performance requirements for LIHEAP. The prior finding number was 2024-050. Description of Condition The Department improperly charged $131,015 to LIHEAP. We found the Department had adequate internal controls to ensure material compliance with period of performance requirements. The Department properly obligated the federal fiscal year 2024 award during the audit period. Furthermore, subrecipient expenditures reviewed were within the period of performance requirements. However, during state fiscal year 2025, there were three awards with project end dates during this time. We analyzed expenditures charged to the awards in the accounting system and identified $122,516 of administrative activities that occurred after the period of performance. In addition, there was one award with a liquidation period ending during state fiscal year 2025. Through a review of expenditures charged to the award, we identified $8,499 in indirect payroll expenditures that occurred after the period of performance. Cause of Condition The Department misinterpreted federal regulations regarding administrative costs, which led management to believe it was compliant with period of performance requirements. Effect of Condition and Questioned Costs We identified $131,015 in known questioned costs for administrative expenditures that occurred outside of the period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department: Design and implement internal controls to ensure it complies with period of performance requirements Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department’s Response The Department appreciates the opportunity to respond to the finding but respectfully disagrees with the questioned costs reported. The Department agrees with the Washington State Auditor’s Office (SAO) and commits to creating internal controls regarding how administrative activities and payroll are reviewed, approved and applied as program expenses. To improve that process, the LIHEAP programs are working with the Department’s Budget, Accounting and Internal Controls Departments to implement processes to strengthen our internal controls. During the course of the audit, the Department discussed the program requirements as reported in the Code of Federal Regulations (CFR) with the auditors. 45 CFR §96.30, states, “Liquidation of funds under this award must relate back to obligations properly incurred during the obligation period of this award. If the recipient requires more than 1 year from the obligation period end date to liquidate allowable costs, it shall notify the Grants Management Officer.” On January 13, 2022, program management sent the following question to R. Patrice West, Energy Assistance Program Specialist, HHS: “Is Commerce allowed to provide LIHEAP services outside the project performance period as long as the funds have been obligated within the project performance period?” R. Patrice West’s responded, “You are correct. As long as funds were obligated during the performance period you are allowed to provide LIHEAP services outside the project performance period.” In addition, in May 2025, the Department met with Tim Chappelle, Grants Management Specialist, HHS, who confirmed the process Commerce used for applying funds within the closeout period was allowed. The Internal Controls Team subsequently met with the SAO Single Audit specialist who confirmed the process followed by the Department was in compliance with the LIHEAP specific CFR’s regarding the period of performance requirements. As a result of the confirmation of understanding by the SAO, the guidance provided in writing and verbally by HHS, the Deputy Director, currently the Acting Director, approved the process to continue as instructed. HHS as the federal grantor can update, change or modify any compliance requirements for programs they fund. The Department has followed their guidance, has provided that guidance to the SAO, but the guidance has not been accepted by the SAO resulting in the questioned cost finding. While we acknowledge LIHEAP expenditure process internal controls could be strengthened, we request SAO remove the questioned costs identified based on the approval of our practices provided by the grantor, HHS, which align with the requirements of the applicable CFR’s. We respectfully ask the SAO to provide clarity and a basis for the finding in light of the grantor approval of this practice. Auditor’s Remarks We took into consideration the communication the Department had with the federal grantor, as stated in its response. However, the Department is applying the federal grantor’s response to include administrative costs. The question from the Department related to providing services “as long as they were properly obligated”. As stated in the finding, administrative costs are considered obligated when the expenditure activity occurs. As such, the period of performance for administrative costs aligns with the project period start and end date. The federal grantor’s response was also specific in stating that obligations consist of legal agreements, it does not address the Department’s own administrative costs. We communicated this to the Department during our fieldwork. This finding does not report a significant deficiency or material weakness in internal controls. As stated above, we found the Department had adequate internal controls to ensure material compliance with period of performance requirements. The finding is being issued because the questioned costs exceeded $25,000. We reaffirm our finding and will review the status of the Office’s corrective action during the next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs. ACF Supplemental Terms and Conditions, LIHEAP, states in part: 7. Obligation Deadline: a. According to 45 CFR §96.14(a)(2), the two-year funding (project) period for this award is concurrent with the obligation period: from the first day of the FFY for which these funds were awarded through the last day of the following FFY. (i.e., October 1, FFY 1 through September 30, FFY 2.) According to 42 USC 8626(b)(2)(B), a maximum of 10 percent of the federal funds issued under this award may be held available for obligation in the FFY 2 of the project period. If more than 10 percent of a recipient's federal funds remains unobligated at the end of the FFY in which they were allotted, those excess funds must be returned to HHS if previously drawn down or will be restricted in the Payment Management system. Such funds will be recaptured and are subject to reallotment among all eligible recipients in the next FFY. Any federal funds not obligated by the end of the two-year obligation period will be recouped by the Department. 8. Liquidation: According to 45 CFR §96.30, all properly obligated federal funds issued under this award must be liquidated in accordance with the recipient’s own fiscal control and funds control procedures. Liquidation of funds under this award must relate back to obligations properly incurred during the obligation period of this award. If the recipient requires more than 1 year from the obligation period end date to liquidate allowable costs, it shall notify the Grants Management Officer identified on its latest Notice of Award and the assigned LIHEAP federal liaison found at this hyperlinked location: LIHEAP Contact Information. The notification shall include the reason for the delay and the anticipated timeframe for liquidation. Approval or disapproval will be provided in writing by OGM. Any federal funds from this award not liquidated by the date required under the recipient’s own fiscal control procedures, which may not exceed five years following the fiscal year of award, will be recouped by this Department. ACF-OCS-LIHEAP-IM-2024-04 LIHEAP Obligations, Expenditures, and Refunds, states in part: Federal appropriations accounting law at 31 U.S.C. § 1502(a) states that the balance of an appropriation or fund limited for obligation to a definite period is available only for payment of expenses properly incurred during the period of availability or to complete contracts properly made within that period of availability. Grant recipients may not incur new expenditures beyond the period of performance unless necessary to liquidate obligations made during the period of performance under active agreements or subawards with partnering agencies. Grant recipients must liquidate obligations according to the same rules, including the timeframe, required of its own non-federal funding.
2025-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act. Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program Federal Grantor Name: Department of Health and Human Services Federal Award/Contract Number: 2101WALWC6, 2201WALIEA, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI, 2501WALIEA Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-052 Background The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories. In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2025, the Department spent more than $70 million in federal funds, about $63 million of which it paid to subrecipients. The Federal Funding Accountability and Transparency Act (Act) requires the Department to collect and report information on each subaward of federal funds more than $30,000 in the federal reporting system. The Department must report subawards by the end of the month following the month in which it executed the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending. The Department has two units – energy assistance and weatherization – that administer two different program activities. Each unit is responsible for complying with this reporting requirement and have similar processes for completing the reports. When a new or amended subaward is executed, program staff enter its information into the Department’s Contract Management System (CMS). Program staff use the information in the CMS to complete the report. There were 75 LIHEAP subawards and amendments that the Department was required to report in fiscal year 2025, totaling $59,020,129. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2024-052. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. While the Department has written procedures for filing these reports, the procedures in place for the first seven months were not adequate to ensure compliance. The procedure states that a report is to be completed 30 days after the obligation memo is signed by the Assistant Director, not when each subaward or amendment is executed. If this process is followed, then reports may not be submitted on time. Additionally, the procedure states that amendments are reported when the obligation is $30,000 or more. If this process is followed, it is possible that amendments less than $30,000 would not be reported when the original subaward and amendment together meet the reporting threshold. The Department updated this procedure in February 2025 to correctly state the FFATA report is completed within 30 days after subawards are signed by the Assistant Director. However, it still states amendments will be reported if equal to or greater than $30,000. We used a non-statistical sampling method to randomly select and examine 13 out of a total population of 75 subawards and amendments from energy assistance and weatherization. Out of the 13 examined, we found: The Department did not report three (23%) energy assistance subawards in the reporting system The Department reported one weatherization subaward (8%) 68 days late One (8%) energy assistance subaward was submitted with an incorrect subaward amount One (8%) weatherization subaward was submitted with the incorrect subgrantee name and unique entity identifier Transactions Tested Subawards Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements 13 3 1 1 1 Dollar Amount of Tested Transactions Subawards Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements $18,670,860 $1,713,258 $299,631 $1,034,603 under reported $3,511,486 We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition In response to the prior year finding, the Department implemented a new process to strengthen internal controls, however, the new process was not in place when the Department submitted the reports. For the two subawards with incorrect information and the three awards the Department did not submit, internal controls were not sufficient to ensure the Department correctly entered the information into the CMS. For the one award the Department did not submit on time, it stated that during this time there was a change in program management responsibilities that resulted in a delay in reporting. Effect of Condition Failing to properly submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. Recommendation We recommend the Department: Establish effective internal controls, including updating written procedures, to ensure it submits all required reports Ensure it correctly enters subaward details into the CMS Department’s Response The Department confirms the new process to address the findings issued in the prior year was not in place until the Department submitted the initial Federal Funding Accountability and Transparency Act (FFATA) report for the 2025 program year in January 2025. As included in the finding, the Department’s procedures require that reporting is to be completed within 30 days after the subrecipient contract is approved by the Assistant Director. The Departments LIHEAP programs will continue to review and update the FFATA procedure and include additional levels of review from both program and budget to ensure information entered is accurate and submitted in a timely manner. To address this, the LIHEAP programs have updated the process documents to improve the accuracy of FFATA data entry. Additionally, further internal controls have been implemented to strengthen the reporting process, which including: 1.Establishing a process for program staff to draft FFATA reports followed by the Program Manager’s review and then the Managing Director or Senior Weatherization Program and Evaluation Manager review and approval. 2.Implementing a process to ensure each new and amended awards are entered separately into the FFATA reporting system. 3.Budget staff will conduct a secondary review of prepared reports to verify financial accuracy before submission by the Program Manager in the FFATA system 4.LIHEAP programs along with the Internal Controls Office will review the FFATA procedure annually to ensure compliance with current federal requirements. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part: Appendix A to Part 170 – Award Term I.Reporting Subawards and Executive Compensation a.Reporting of first-tier subawards. 1.Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward. 2.Reporting Requirements. i.The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov. ii.For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025). The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-032 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Low-Income Home Energy Assistance program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2101WALWC6, 2201WALIEA, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI, 2501WALIEA Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-055 Background The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories. In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2025, the Department spent more than $70 million in federal funds, about $63 million of which it paid to subrecipients. Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes to subrecipients, the Department must follow up with subrecipients to ensure they take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse (FAC). The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. To monitor its compliance with these requirements, the Department’s Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The subrecipients included on this list are provided to the Internal Control Office by program staff. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of LIHEAP received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding number was 2024-055. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of LIHEAP received required single audits, and that it appropriately followed up on findings and issued management decisions. The Department does not have policies and procedures in place that align with its current practice to ensure compliance with subrecipient single audits and follow-up, if necessary. We examined the Excel workbook the Department used during the audit period to monitor compliance with these requirements and determined the Department did not sufficiently design it to ensure the Department was compliant with subrecipient single audit requirements for the following reasons. The workbook: Lacks a field to calculate or track when the subrecipient single audit is due to allow the Department to determine if the subrecipient submitted its report on time Contains a field that documents the date when the Department reviews the subrecipient’s single audit status in the FAC. The workbook shows the Department reviewed this once (over approximately a two-week period) during the audit period. Since subrecipients have different fiscal year end dates, this single review per year is not sufficient to ensure compliance with the nine-month single audit submission and six-month management decision letter issuance, if applicable. Additionally, during the audit period, this workbook included 31 LIHEAP subrecipients. By reviewing prior year LIHEAP expenditures, we identified 34 LIHEAP subrecipients that may have been required to receive a single audit. As a result, we concluded the Department did not properly track three (9%) of the 34 subrecipients to ensure it reviewed their audits for program-funded findings and completion of required management decisions, if applicable. Furthermore, in this workbook: For 11 (35%) of the 31 subrecipients, the Department did not track the correct fiscal year-end date for the single audit due in the audit period. For one (3%) of the 31 subrecipients, we could not verify the subrecipient’s fiscal year-end date nor verify if they had reported a single audit in the FAC. Finally, we identified two subrecipients that required a management decision letter to be issued during the audit period. We requested documentation to verify this occurred and the Department provided one letter that was issued almost six weeks late and did not provide evidence the second management letter was issued. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition The Department did not implement adequate internal controls to ensure proper monitoring and review of subrecipient single audit submissions and issuance of management decision letters, if applicable. The Internal Control Office staff received an incomplete list of subrecipients from program staff, but did not verify the list was complete. Therefore, the list provided by program staff was tracked, but not the remaining subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure all subrecipients received single audits when they were required. Additionally, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. When it fails to ensure subrecipients establish corrective actions and management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Department: Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations Issue a written management decision for all applicable audit findings, if necessary Department’s Response The Department understands the SAO’s description of condition and recommendations, and would like to highlight our strong and comprehensive internal controls over subrecipient monitoring for audit requirements which include the identification, tracking, verification and monitoring of subrecipients. The Internal Controls Office (ICO) completes the monitoring as required by 2 CFR 200.521 and Title 45 CFR Part 75 section 352 d 3 and f. The program specific requirements are completed by LIHEAP weatherization and energy department staff. It appears most of the exceptions reported are based on the Washington State Auditor’s Office (SAO) preferences, not Code of Federal Regulations (CFR) requirements. The following are the Department’s responses to the deficiencies listed in the Description of Condition in order of exception noted: The ICO tracking process includes a field to track dates audits are submitted by subrecipients. The Department’s monitoring is based on the subrecipient’s submission which we document during monitoring. Each subrecipient determines their own submission date. The CFR does not require specific fields be documented. The Department tracked, monitored subrecipients and documented the action completed at least seven times during the monitoring period. The Department provided the tracking information to the SAO during the audit and in response to the draft finding, showing all dates monitoring was performed. Once subrecipients have completed their submission, monitoring for audit submissions is complete. Subrecipients are not monitored to the prior year expenditures and they are not applicable to the process. While the SAO has reported who “may have been” required to receive a single audit, the Department only tracks and monitors who is required to obtain and submit their single audit. 32 subrecipients were monitored. Other inaccuracies to note include: oOne subrecipient included as an exception was not a LIHEAP subrecipient and should have been removed as an exception oTwo subrecipients were monitored but the names were reported differently on the SAO report. oOne subrecipient was tracked as part of general monitoring completed by ICO, the information was provided to the SAO during the audit and after the draft finding was issued. oThe Department acknowledges the ICO did not track two entities because one had their funding halted and neither were included in the list of subrecipients for ICO monitoring. The Department has addressed this issue that created this discrepancy. The Department monitored subrecipients reported by program management based on the current program and reporting year as required by CFR. The method to track the fiscal year-end date for the single audit due in the audit period is not required by CFR. The Department monitors subrecipients annually, per the CFR, and can only monitor subrecipients after their submission has been completed. The SAO exception timelines would require the Department monitor within the current submission period which is before or within the required submission timeframe. One subrecipients fiscal year end date could not be verified because they did not complete their submission as required. This entity was monitored by the Department several times, two of which were documented. Once the determination of non-compliance was made by the ICO, it was reported to program management. The Department provided this information to the SAO during the audit and after the draft finding was issued. Two management decision letters were required to be issued for LIHEAP subrecipients within the reporting period. One was issued by ICO after the six month deadline, the other letter was not issued due to the finding issued including several federal awards and the inclusion of the LIHEAP funding was missed. The ICO completed the monitoring and tracking but did not identify a management decision letter was required to be issued. We continue to strive to make sure we capture all subrecipients to ensure we issue all management decision letters required. Regarding the Cause of Condition, the Department asserts it does have adequate internal controls in place that are working effectively as required by the CFR. The ICO obtains list of subrecipients three different ways, through reporting from our Contracts Monitoring and financial reporting Systems and from lists provided by the LIHEAP programs. The subrecipient list provided by program management was the process used to confirm the population. Additionally, the Department was subject to an in depth onsite federal audit of the LIHEAP program completed by Health and Human Services (HHS) during 2025. The audit included single audit monitoring and the ICO provided all process, monitoring and tracking documentation as part of the audit. HHS reported no findings or exceptions related to single audit monitoring or management decision letter issuance. The Department remains willing to share these audit results based on federal requirements, should the SAO request them. During the review of the draft report, ICO identified a CFR which was not applicable and requested SAO remove the reference. The Department follows and complies with 2 CFR 200.521 and request that code be included in Applicable Laws and Regulation. We continue our commitment to compliance and look forward to partnership to ensure integrity of our programs, including LIHEAP. Auditor’s Remarks The criteria we applied in the audit were solely federal law, not our preferences. The audit was conducted in accordance with Government Auditing Standards and the Uniform Guidance under 45 CFR Part 75. Uniform Guidance requires agencies to establish and maintain effective internal controls over federal award compliance. In our judgment, the Department did not provide evidence to support its assertion that it tracked, monitored subrecipients, and documented the action at least seven times during the monitoring period. As the finding states, the documentation received shows the Department reviewed this once (over approximately a two-week period) during the audit period. Subrecipient expenditures in the prior year is an essential component to consider when determining if a subrecipient should be monitored for single audit reporting. To ensure compliance, all subrecipients that receive federal funding from the Department should be included in the population for monitoring to determine if an audit report was due. In its response, the Department stated “The method to track the fiscal year-end date for the single audit due in the audit period is not required by CFR.” This statement appears to be in relation to a misunderstanding of federal requirements that was presented to us by the Internal Control Office during the audit. The assertion that tracking the fiscal year end date is not a requirement is not correct. 45 CFR 75, section 352 (f) states the agency must “verify that every subrecipient is audited as required by subpart F.” Subpart F reference 45 CFR 75.512 which states subrecipients must submit their audits no later than nine months after the end of the audit period. If the Department does not track when audits are due, they cannot meet their legal obligation to verify the audits were completed timely and that their subrecipients complied with federal law. We did request the Department provide any audit reports from the federal grantor that were conducted during the audit period. The Department did not provide this report, inform us of its existence or inform us that an audit was conducted by the grantor until after our fieldwork was completed. The Department asserts that the wrong CFR is being used and specifically referenced 2 CFR 200.521. We informed the Internal Control Office during the audit that they were applying the wrong federal criteria. Each federal agency was required to implement the Uniform Guidance into its own specific CFR. The grantor did so and incorporated this requirement at 45 CFR Part 75, section 352, which is what we have referenced throughout the audit. The Department was offered many opportunities to provide evidence to support exceptions identified during fieldwork but did not provide additional documentation to support its assertions. We reaffirm our finding and will review the status of the Office’s corrective action during the next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. 3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521. (f) Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501. (h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-037 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated. Assistance Listing Number and Title: 93.658 Foster Care Title IV-E Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2402WAFOST 2502WAFOST Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions – Payment Rate Setting and Application Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-071 Background The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff. In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2025, the Department spent about $164 million in federal grant funds, including about $18.8 million for foster care maintenance payments. The Department must establish payment rates for maintenance payments (for example, payments to foster parents, childcare institutions or directly to youth). The Department’s state plan approved by the Administration for Children and Families must provide for periodic review of payment rates for foster care maintenance payments at reasonable, specific, time-limited periods established by the Department to ensure the rate’s continuing appropriateness for the administration of the Title IV-E program. One of seven levels of maintenance payment amounts are assigned to each child based on a variety of factors such as medical needs. Each of the levels includes an overall increase of $342.50 from the previous level. The Department last recalculated its Foster Care maintenance payment rates in fiscal year 2024. At that time, the different rate level increases were between $50 and $1,302 per month. The Department has established rate structures for regular foster care maintenance payments, Behavioral Rehabilitation Service, and administrative service and management fees. The Department performs an economic analysis every four years to determine rates. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated. The prior finding number was 2024-071. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated. The Department has a policy that requires an analysis every four years to determine the basic Foster Care maintenance payments; however, the Department did not have written procedures to ensure it established maintenance payment rates exclusively for allowable, reasonable and necessary activities. During the prior audit, we reviewed the rate elements the Department used to determine the final maintenance rates and identified several that, in our judgment, appeared to be unnecessary or unreasonable. During the audit period, the Department did not recalculate the rate or establish procedures to support the following elements, identified in the prior audit, as necessary and reasonable: Apps/games/ringtones for handheld devices Multiple entertainment and recreation costs such as: oTV/video/audio oSatellite dishes oExercise equipment and gear/game tables oVideo game software oStreaming/downloaded audio oStamp and coin collecting oOnline gaming services Food that did not appear to be suitable for children’s activities, such as coffee, soda and other carbonated drinks, and sweets Baby food included in the calculation for older children We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition In response to the prior year finding, the Department began drafting policies and procedures related to rate setting, but did not complete them during the audit period. In addition, the Department had no new documentation to demonstrate how each rate element was reasonable and allowable. Lastly, the state plan did not reference any procedures, laws or regulations regarding how rates should be calculated; it only referenced the policy stating that rates must be recalculated every four years. Effect of Condition Without policies and procedures to support the allowability of rates, the effect on the rates from the prior year audit still exists. In the prior audit, after removing the identified elements, rates for level one payments were roughly $50 less than what the Department determined. The Basic Rate difference was $49.79 for children up to five years old, $50.27 for children aged six to 11 years, and $52.29 for children aged 12 years and older. Additionally, the Department could not support the overall increase of $342.50 for each level. For levels higher than the basic rate, the Department was unable to support the increases, leading to the Department potentially paying more than what is allowable. Recommendation We recommend the Department develop and implement written procedures for setting payment rates to ensure established foster care maintenance payment rates only include allowable costs. Department’s Response The Department concurs that policies and procedures related to rate setting for Foster Care maintenance payment are not currently established. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years. Due to limited staffing resources, in September 2024, the Department submitted a budget request for the 2025 supplemental budget. The request included funding for a contractor to establish a formal governance process, policies and procedures, and create a public rate setting calendar and feedback structure for Department rate setting activities. This budget request was not funded by the Legislature. In February 2025, the Department met with the SAO to gather an understanding of concerns and how reasonable and allowable rates could be documented to assist with compliance. In July 2025, the Department began drafting the written policies and procedures and shared the drafts with SAO during the SFY25 audit period. The Department is committed to strengthening internal controls and complying with federal requirements and will continue to follow internal processes to finalize the payment and rate setting policies and procedures during SFY26. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, Subpart E-Cost Principles Title 45 CFR Part 75, Subpart F-Audit Requirements, establishes standards for obtaining consistency and uniformity among HHS agencies for the audit of non-Federal entities expending Federal awards. Title 42 U.S. Code Chapter 7, Social Security Subchapter IV – Grants to States for Aid and Services to Needy Families with Children and for Child-Welfare Services. Section 675 Definitions Part 4 states in part: 4. The term “foster care maintenance payments” means payments to cover the cost of (and the cost of providing) food, clothing, shelter, daily supervision, school supplies, a child’s personal incidentals, liability insurance with respect to a child, reasonable travel to the child’s home for visitation, and reasonable travel for the child to remain in the school in which the child is enrolled at the time of placement. In the case of institutional care, such term shall include the reasonable costs of administration and operation of such institution as are necessarily required to provide the items described in the preceding sentence. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-038 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers were allowable and properly supported for the Social Services Block grant. Assistance Listing Number and Title: 93.667 Social Services Block Grant Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2402WASOSR; 2502WASOSR Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Known Questioned Cost Amount: $1,872,842 Prior Year Audit Finding: Yes, Finding 2024-072 Background The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth and young adults for case management, foster care, protective services, transportation, childcare and other services such as child welfare services, intake and assessment, crisis counseling, family reconciliation and licensing staff. In fiscal year 2025, the Department paid about $44.1 million in federal funding. Of this amount, the Department paid about $20.3 million to providers for direct client services. SSBG gave the Department broad flexibility to design and administer the program based on its approved plan. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Payments to the providers were initially incurred for other programs and then transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report. The Department periodically processed journal vouchers to make these transfers. Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show they have been used in accordance with program requirements. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG. The prior finding numbers were 2024-072 and 2023-070. Description of Condition The Department did not have adequate internal controls to ensure payments to providers were allowable and properly supported for the SSBG program. Department management said it used the approved SSBG Pre-Expenditure Report and Intended Use Plan to identify eligible activities initially charged to the Foster Care program, then periodically transferred them to them to the SSBG grant to align with the Pre-Expenditure Report. We examined the Department’s accounting records to determine if payments the Department transferred to the SSBG program were for activities that were allowed, authorized, accurate and supported. We identified total provider payments of $20,350,591 that were transferred to the SSBG program during fiscal year 2025. We analyzed provider payments and requested the Department verify whether it could provide adequate level of expenditure so we could determine whether the payments were allowable and supported. Based on our analysis and confirmation from the Department, we categorized the total expenditures into two categories, which we identified in the following table. Category Amount Provider payments for which the Department provided adequate level of support $18,477,749 Provider payments for which the Department could not provide an adequate level of support $1,872,842 Total payments to providers $20,350,591 Provider payments for which the Department provided an adequate level of support We used a statistical sampling method and randomly selected and examined 59 out of a total population of 13,921 payments. We also randomly selected and examined 12 out of a total population of 1,944 accrual payments. We reviewed supporting documentation, description of activities and payment approvals. We found the payments were for activities that were supported, allowable, authorized and accurate. Provider payments for which the Department could not provide an adequate level of support We were unable to perform testing on payments totaling $1,872,842 because the Department was only able to provide summary-level information. The Department was unable to provide an adequate level of support for us to determine whether costs were for activities that were allowed, authorized and within the period of performance. We consider these internal control deficiencies to be a significant deficiency. Cause of Condition The Department processed expenditure transfers at the grant level. As a result, the Department could not provide an adequate level of support for 4.2% of payments to providers charged to the SSBG program. Therefore, we could not determine whether the payments transferred to SSBG were accurate, for allowable activities and incurred during the period of performance. Effect of Condition and Questioned Costs By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition where our Office could not test some of the federal dollars it transferred to SSBG. We are questioning $1,872,842 in federal program costs the Department charged to the SSBG program during the audit period. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: Design and implement internal controls to ensure the funds it transfers to SSBG are supported by transaction-level support sufficient to comply with federal law Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department’s Response The Department does partially agree with the State Auditor’s Office’s (SAO) finding as outlined above. The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. Beginning in November 2024, the Department limited journal voucher (JV) activities and began manually processing these JVs at the transaction-level by grant funding sources. These efforts were taken to address SAO’s concern that the SSBG program was not auditable without transaction-level data. The Department agrees that two JVs identified by SAO processed prior to November 2024 did not include the transaction-level data. The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends in one fiscal year. The Department does not agree with the finding that $505,707.39 was unallowable activities charged to the grant. This figure is an estimate for how much the Department may spend within the allowable timeframe, not the actual amount charged to the grant. Accruals are estimated outstanding costs at the conclusion of the closing period that are required by OFM as part of the state’s year end closing process. In response to the auditor’s prior recommendations for transaction-level tracking, the Department submitted a budget request for the 2024 supplemental budget. However, funding was removed in the final 2025 supplemental budget and 2025-27 biennial budget. The Department will continue to work within existing resources to build out the required databases between the Social Service Payment System and the Agency Financial Reporting System to allow transfers between funding sources to include transaction-level data related to the expenditures and reduce the current manual effort that is required. Auditor’s Remarks For the accounting adjustments (JVs) questioned prior to November 2024, there was not adequate transaction level payment data to verify that the expenditures were allowable and within the grant period of performance. Furthermore, the Department reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. However, for the $505,707 in expenditures referenced by the Department (which is part of the $1.87 million in questioned costs), it was not able to provide support for the liquidation of these accruals for us to verify they were allowable and within the period of performance. We reaffirm our finding and will review the status of the Department’s corrective action in the next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. 45 CFR Part 75, section 403, Factors affecting allowability of costs, establishes requirements for the collection of unallowable costs. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part: a.Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures applicable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-050 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Community Mental Health Services and Block Grants for Substance Use Prevention, Treatment, and Recovery Services programs. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services 93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 6B09SM083998-01, 6B09SM083998-01M001, 6B09SM083998-01M002, 6B09SM083998-01M003, 6B09SM085912-01,6B09SM085912-01M001, 6B09SM085912-01M002,6B09SM085384-01, 6B09SM085384-01M001,6B09SM085384-01M002, 1B09SM087327-01,6B09SM087386-01, 6B09SM087386-01M001, 6B09SM087386-01M002, 6B09SM087386-01M003, 6B09SM089385-01, 6B09SM089385-01M001, 1B09SM089651-01, 1B09SM089651-01, 1B09SM089992-01, 1B09SM090369-01, 1B08TI083977-01,6B08TI083977-01M001, 6B08TI083977-01M002,1B08TI083519-01, 6B08TI083519-01M001, 6B08TI083519-01M002, 1B08TI084617-01, 6B08TI084617-01M001, 6B08TI084617-01M002,1B08TI085843-01, 6B08TI085843-01M002,1B08TI087075-01, 1B08TI088142-01 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-083 Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Community Mental Health Services Block Grant (MHBG) and the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). Utilizing MHBG funds, the Authority subawards funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances. In fiscal year 2025, the Authority spent about $34.6 million in federal program funds, $22 million of which it paid to subrecipients. The Authority also subawards federal funds under the SUPTRS program to counties, tribes, and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2025, the Authority spent about $44.8 million in federal program funds, including about $30.2 million it paid to subrecipients. The Federal Funding Accountability and Transparency Act (Act) requires the Authority to collect and report information on each subaward of federal funds more than $30,000 in the federal reporting system. The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending. The Authority includes a subaward identification form, which contains all the required reporting information, when it creates a new subaward or amendment. After all parties sign the form, contract unit staff email the subaward identification form to the federal financial reporting unit, which completes the report as required. Staff track the status of reportable subawards and amendments in monthly workbooks to ensure all subawards and amendments are included in the FFATA report. The Grants Compliance Manager reviews this monthly FFATA reconciliation workbook to ensure FFATA reports are submitted for all applicable subawards. There were 96 SUPTRS and MHBG subawards and amendments that the Authority was required to report in fiscal year 2025 totaling $74,884,110. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the MHBG and SUPTRS programs. The prior finding numbers for SUPTRS were 2024-083, 2023-086, 2022-069 and 2021-058. The prior finding number for MHBG was 2022-065. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act. We used a non-statistical sampling method to randomly select and examine 15 of the 96 subawards and amendments with seven pertaining to each MHBG and SUPTRS and one pertaining to both. We found that six (40%) did not meet reporting requirements as follows. Out of 15 subawards, the Authority: Did not submit three (20%) Filed one (7%) 141 days late Submitted two (13%) with incorrect amounts Transactions Tested Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements 15 3 1 2 0 Dollar Amount of Tested Transactions Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements $9,832,193 $228,753 $50,000 $2,442,106 (overreported) $0 We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department stated these errors were the result of incorrect information on the forms used to complete the FFATA entries. In addition, there were technical issues with the Authority’s system and the new federal reporting system that resulted in the report being submitted late. During the prior audit period, the Authority implemented a new monthly reconciliation process to ensure it properly identified all required subawards and amendments to report. This new process was not effective to ensure it submitted all reports as required. Effect of Condition Failing to submit the required reports on time or submitting incorrect obligation amounts diminishes the federal government’s ability to ensure accountability and transparency of federal spending. Recommendation We recommend the Authority: Establish effective internal controls to ensure it submits all required reports Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports Ensure management monitors reporting of this information to ensure future reports are submitted completely and on time Authority’s Response The Authority concurs with the finding. After identification by auditors, the Authority submitted the three reports that had not been filed and corrected the two inaccurate reports. During the fiscal year, the Authority transitioned to a new state tracking system and a new federal reporting system. Several issues resulted from transitioning the reporting process to the new systems. The Authority will review its controls and processes to ensure accurate and complete reporting. Auditor’s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part: Appendix A to Part 170 – Award Term I.Reporting Subawards and Executive Compensation a.Reporting of first-tier subawards. 1.Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward. 2.Reporting Requirements. i.The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov. ii.For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025). The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-051 The Health Care Authority did not have adequate internal controls over and did not comply with federal level of effort requirements for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services program. Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services 93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 1B08TI083977-01,6B08TI083977-01M001, 6B08TI083977-01M002,1B08TI083519-01, 6B08TI083519-01M001, 6B08TI083519-01M002, 1B08TI084617-01, 6B08TI084617-01M001, 6B08TI084617-01M002,1B08TI085843-01, 6B08TI085843-01M002,1B08TI087075-01, 1B08TI088142-01 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Level of Effort Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds under the SUPTRS program to counties, tribes, and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2025, the Authority spent about $44.8 million in federal program funds, including about $30.2 million it paid to subrecipients. The SUPTRS program included a level of effort requirement to maintain state expenditures for authorized activities by the state at a level at least equal to the average level of such expenditures the state maintained for the two state fiscal years before the fiscal year the state applied for the grant. If necessary, the Authority may request from the federal grantor an exclusion of non-recurring funds, which can inflate amounts. The Authority tracks level of effort requirements quarterly and maintains these calculations within tracking workbooks, which fiscal staff reviews and a Behavioral Health Grants lead or supervisor approves. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with federal level of effort requirements for the SUPTRS program. We calculated the overall state spending for this requirement during state fiscal year 2025 and compared it to the state fiscal years 2023 and 2024 average. The Authority spent $3,481,637 less in state expenditures than it needed to meet the level of effort requirement. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition In the last quarterly level of effort tracking workbook for the state fiscal year, the Authority noted that this requirement was not on track to meet the requirement, but management did not take adequate action to address it. The Department stated noncompliance was the result of prior years’ state expenditures containing inflated spending amounts due to COVID funding and that it was not aware it could obtain a waiver from the federal grantor. Effect of Condition By not establishing adequate internal controls, the Authority was not able to ensure the state met the federal level of effort requirement for the SUPTRS program. By not complying with federal requirements, the Authority risks having to repay federal funds or having future federal funds withheld. Recommendation We recommend the Authority: Establish and follow effective internal controls to ensure it meets level of effort requirements Consult with the appropriate state-level authority to ensure the state maintains the level of effort required to comply with federal law Authority’s Response The Authority concurs it did not meet the level of effort threshold with the information it provided to the auditor during the audit. However, after further review conducted during corrective action plan development, the Authority found it did not meet the threshold due to the timing of managed care expenditures moved between behavioral health programs in fiscal years 2023 and 2024. This adjustment caused an overstatement of SUD expenditures in these two fiscal years that directly impacted the level of effort threshold for fiscal year 2025. The Authority has initiated conversations with its grantor, SAMHSA, and will submit a formal request by the middle of January 2026 to restate and update the level of effort table. This will result in accurately stated expenditures and allow the Authority to show SAMHSA that it met the threshold for fiscal year 2025. The Authority has already implemented procedures to ensure timely processing of expenditure adjustments between behavioral health programs. Additionally, it will strengthen its internal controls by updating procedures aimed at identifying areas of underspend through year-over-year expenditure analysis. It will also document deadlines to ensure adequate time is allowed for timely waiver submission, should that be required. These internal control enhancements will occur by the beginning of March 2026. Auditor’s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Part 96, section 134 - Maintenance of effort regarding State expenditures, states in part: (a) With respect to the principal agency of a State for carrying out authorized activities, the agency shall for each fiscal year maintain aggregate State expenditures by the principal agency for authorized activities at a level that is not less than the average level of such expenditures maintained by the State for the two year period preceding the fiscal year for which the State is applying for the grant. The Block Grant shall not be used to supplant State funding of alcohol and other drug prevention and treatment programs. (b) Upon the request of a State, the Secretary may waive all or part of the requirement established in paragraph (a) of this section if the Secretary determines that extraordinary economic conditions in the State justify the waiver. The State involved must submit information sufficient for the Secretary to make the determination, including the nature of the extraordinary economic circumstances, documented evidence and appropriate data to support the claim, and documentation on the year for which the State seeks the waiver. The Secretary will approve or deny a request for a waiver not later than 120 days after the date on which the request is made. Any waiver provided by the Secretary shall be applicable only to the fiscal year involved. “Extraordinary economic conditions” mean a financial crisis in which the total tax revenue declines at least one and one-half percent, and either unemployment increases by at least one percentage point, or employment declines by at least one and one-half percent. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-052 The Military Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Fire Management Assistance Grant program. Assistance Listing Number and Title: 97.046 Fire Management Assistance Grant Federal Grantor Name: U.S. Department of Homeland Security Federal Award/Contract Number: FM-5397-WA, FM-5401-WA, FM-5455-WA, FM-5087-WA, FM-5090-WA, FM-5094-WA, FM-5101-WA, FM-5100-WA, FM-5104-WA, FM-5098-WA, FM-5103-WA, FM-5108-WA, FM-5106-WA, FM-5109-WA, FM-5113-WA, FM-5337-WA, FM-5351-WA Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Robert T. Stafford Disaster Relief and Emergency Assistance Act, Public Law 93-288, as amended, 42 U.S.C. §5121, et seq. (Stafford Act) authorizes the President to provide Fire Management Assistance in response to a declared fire. Federal assistance is coordinated through the Department of Homeland Security’s Federal Emergency Management Agency (FEMA). Under the Fire Management Assistance Grant (FMAG) program, FEMA provides assistance in the form of grants for equipment, supplies, and personnel costs, to any state, tribal government, or local government for the mitigation, management, and control of any fire on public or private forest land or grassland that threatens such destruction as would constitute a major disaster. The FMAG Program replaced FEMA’s Fire Suppression Assistance Program when Section 420 of the Stafford Act was amended by the Disaster Mitigation Act of 2000, Public Law 106-390, and is effective for all fires declared on or after October 30, 2001. The FMAG is a “funds matching program” with a funding arrangement of 75 percent federal share and 25 percent non-federal share – subrecipient responsibility. The Washington Military Department acts as the intermediary between the subrecipients and FEMA, by answering questions about program requirements and documentation of costs, preparing project worksheets for funding, advising subrecipients of funding approvals, processing payment requests, and closing subrecipient subawards (grants). In fiscal year 2025, the Department received more than $45 million in FMAG federal funding, which was passed-through and expended by its subrecipients. The Federal Funding Accountability and Transparency Act (Act) requires the Department to collect and report information on each subaward of federal funds more than $30,000 in the federal reporting system. The Department must report subawards by the end of the month following the month in which it executed the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending. FEMA issues subaward and amendment obligation of project funding notifications as an S1 report. FMAG program staff use the S1 report to enter obligation details into the Contract Unit’s Federal Funding Accountability and Transparency Act (FFATA) Reporting Spreadsheet that contains the required reporting information for the subawards. Contracts staff then submit the report based on the FFATA spreadsheet. There were 20 FMAG subawards that the Department was required to report in fiscal year 2025, totaling $47,190,192. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the FMAG program. During the audit period, the Department was required to report 20 subawards, totaling more than $47 million of program funds, that it awarded to three subrecipients. We examined all 20 and found the Department: Did not submit four of the required reports Did not accurately report the subaward obligation date for one report Submitted seven reports later than the last day of the month following the month in which the subaward was obligated Our testing results are summarized in the table below: Transactions Tested Subaward Not Reported Report Not Timely Subaward Amount Incorrect Inaccurate Subaward Key Elements 20 4 7 0 1 Dollar Amount of Tested Transactions Subaward Not Reported Report Not Timely Subaward Amount Incorrect Inaccurate Subaward Key Elements $47,190,192 $4,460,413 $11,641,985 $0 $142,059 We consider this internal control deficiency to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department has procedures in place to ensure staff report subawards and amendments, however management did not ensure program staff entered all subaward information in the FFATA reporting spreadsheet correctly. Effect of Condition Failing to properly submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. Recommendations We recommend the Department: Establish effective internal controls to ensure it submits all required reports on time and accurately Follow established procedures to ensure it enters all required information accurately and timely Department’s Response During SFY 2024–25, FEMA implemented significant methodology changes that affected the FMAG program. FEMA transitioned from using FEMA EMMIE reports to FEMA Grants Portal reports and FEMA GO for S1 forms. During this transition, FMAG program staff encountered difficulty identifying accurate obligation dates for each subrecipient, which led to discrepancies in the data reported in FFATA. Additionally, FEMA did not consistently follow its own notification process for several obligations, which resulted in the program not reporting those obligations until later months after staff became aware of the awards. At the same time, the Program Assistant position responsible for completing FFATA reporting remained vacant for most of the state fiscal year. Multiple team members filled the role on an interim basis, which contributed to missed or delayed entries. The program and contracts staff also attempted to enter several awards into FFATA, but SAM.gov would not accept the entries because the overall grant had not yet been entered into the system. The issue was discussed with FEMA but was not resolved for several months, resulting in additional late reporting. The combination of reporting system changes, SAM.gov limitations, increased operational workload, and staffing shortages contributed to the reporting inaccuracies. An additional check-and-balance process is needed to assist Public Assistance Program supervisory staff during final review. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part: Appendix A to Part 170 – Award Term I.Reporting Subawards and Executive Compensation a.Reporting of first-tier subawards. 1.Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward. 2.Reporting Requirements. i.The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov. ii.For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025). The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-010 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure salaries and wages charged to federal awards for the Research and Development programs were allowable and adequately supported. Assistance Listing Number and Title: 12.420 Military Medical Research and Development 47.049 Mathematical and Physical Sciences 93.113 Environmental Health 93.172 Human Genome Research 93.242 Mental Health Research Grants 93.279 Drug Use and Addiction Research Programs 93.361 Nursing Research 93.393 Cancer Cause and Prevention Research 93.838 Lung Diseases Research 93.853 Extramural Research Programs in the Neurosciences and Neurological Disorders 93.855 Allergy and Infectious Diseases Research 93.865 Child Health and Human Development Extramural Research 93.866 Aging Research Federal Grantor Name: U.S. Department of Defense National Science Foundation U.S. Department of Health and Human Services Federal Award/Contract Number: 1R21AI164028-01A1; 1R21NR021233-01; 2R01AG060942-06A1; 3GG015353-07; 5523AI153390-05; 5P30A1027757-38; 5P30AG066509-05; 5P30ES007033-30; 5R01CA258590-05; 5R01DA057559-03; 5R01HD023412-29; 5R01HG002385-24; 5R01HL153979-04; 5R01MH101221-13; 5R01NS125635-04; 5R25NS095377-09; 5R33HD103079-05; 5U19AG076581-03; 5UM1AI148573-07; DMS-2134012-002; W81XWH-21-1-0271; W81XWH-21-1-0272 Pass-through Entity Name: Various Pass-through Award/Contract Number: Various Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $17,191 Prior Year Audit Finding: No Background The federal government sponsors research and development (R&D) activities under a variety of types of awards. Most commonly, these are grants, cooperative agreements, and contracts to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D activities conducted under these awards vary widely. Grants for R&D are awarded to recipients on the basis of applications or proposals submitted to federal agencies or pass-through entities. An award is then negotiated that will include the purpose of the project, the amount of the award and the terms and conditions. R&D award terms and conditions often include limitations on compensation for time and effort spent on research projects. University activities, including research, instruction, administration, service and clinical activity, generally qualify as effort charged to research awards. The University’s policies and procedures incorporated through its Grants Information Memoranda 35 – Effort Reporting Policy for Sponsored Agreements stipulate that salaries of staff should be charged to sponsored projects by determining the percentage of the faculty member’s average work week devoted to the project(s) and charging no more than that percentage of the faculty member’s base salary to the project. The University utilizes effort certifications to track the effort of individuals paid from sponsored awards. These certifications contain two different report types: effort statements and project statements. Faculty participating in research projects submit effort statements on a semi-annual basis which are reviewed and approved by a grant manager. Non-faculty members, including graduate assistants, prepare project statements documenting their time and effort spent on R&D projects and submit the project statements to the principal investigator assigned to the project for approval on a quarterly basis. Individuals are required to appear on an effort statement or project statement if they are paid from federal awards and have a salary that is paid on a cost sharing federal award. During fiscal year 2025, the University spent more than $367 million on salaries and wages for faculty and non-faculty staff participating in federal R&D projects. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure salaries and wages charged to federal awards for the R&D programs were allowable and adequately supported. We used a statistical sampling method to randomly select and examine 59 out of a total population of 252,300 payroll transactions by employee, by pay period, to determine if they were allowable and supported by adequate documentation. We found 21 payroll transactions (36%) that were not supported by a signed project or effort statement from the principal investigator for the corresponding payroll period. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The University said that when implementing its new Workday financial system in July 2023, effort certifications were delayed for one year as the University addressed data integration issues with its legacy system, Employee Compensation Compliance. After implementation of Workday, University staff were re-trained on the effort reporting procedures which led to noncompliance with effort requirements as staff were not familiar with the new effort reporting procedures. Additionally, the University did not effectively monitor the completion of effort and project statements to ensure they were being consistently reviewed and certified by grant managers and principal investigators. Effect of Condition and Questioned Costs By not establishing adequate internal controls over payroll costs, the University is at a higher risk of unallowable costs going undetected. We determined that for the exceptions identified, the related costs of $17,191 did not comply with federal cost principles requirements, specifically that costs were not supported by adequate documentation to demonstrate the amounts charged to federal awards were allowable and in accordance with award terms and conditions. The table below summarizes the questioned costs identified by federal program: Assistance Listing Number Federal Program Name Questioned Cost Amount 12.420 Military Medical Research and Development $83 47.049 Mathematical and Physical Sciences $1,585 93.113 Environmental Health $372 93.172 Human Genome Research $289 93.242 Mental Health Research Grants $1,223 93.279 Drug Use and Addiction Research Programs $2,325 93.361 Nursing Research $70 93.393 Cancer Cause and Prevention Research $1,646 93.838 Lung Diseases Research $1,435 93.853 Extramural Research Programs in the Neurosciences and Neurological Disorders $2,040 93.855 Allergy and Infectious Diseases Research $1,633 93.865 Child Health and Human Development Extramural Research $2,036 93.866 Aging Research $2,456 Total $17,191 *Questioned costs above are rounded to the nearest dollar We used a statistical sampling method to randomly select the transactions examined in the audit. Based on the results of our testing, we estimate the total likely questioned costs paid with federal award funds to be $73,512,822. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely questioned cost projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 2 CFR 200.516(a)(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the University: Strengthen internal controls to ensure that effort statements are reviewed and approved by grant managers and project statements are reviewed and approved by principal investigators, as required by University policies, to demonstrate that salaries and benefits of staff charged to research awards are allowable and accurate Monitor salaries and benefits charged to R&D awards to ensure University procedures for effort reporting are being followed Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid University’s Response The University acknowledges this finding and is committed to substantially strengthening the controls, streamlining processes and improving mechanisms to ensure timely certification of effort. As of February 24, 2026 the 21 payroll transactions totaling questioned costs of $17,191 as identified by SAO have been reviewed by the applicable principal investigator and effort certifications statements completed. The University will conduct a full review of the effort certification process, staff trainings, control mechanisms and escalation pathways, and implement improvements by the end of the current fiscal year (2026). Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs. Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs. Title 2 CFR Part 200.430, Uniform Guidance, establishes the requirements for charging compensation for personal services to federal awards. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-003 The University of Washington did not have adequate internal controls over and did not comply with equipment management requirements for the Research and Development programs. Assistance Listing Number and Title: Various, Research and Development Cluster – University of Washington Federal Grantor Name: Various Federal Award/Contract Number: Various Pass-through Entity Name: Various Pass-through Award/Contract Number: Various Applicable Compliance Component: Equipment Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The federal government sponsors research and development (R&D) activities under a variety of types of awards. Most commonly, these are grants, cooperative agreements, and contracts to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D activities conducted under these awards vary widely. Grants for R&D are awarded to recipients on the basis of applications or proposals submitted to federal agencies or pass-through entities. An award is then negotiated that will include the purpose of the project, the amount of the award and the terms and conditions. Recipients are required to appropriately safeguard and maintain all equipment purchased with R&D awards. Federal requirements stipulate that states receiving federal funds must use, manage and dispose of any equipment in accordance with the state’s laws and procedures. In Washington, the State Administrative and Accounting Manual (SAAM), published by the Office of Financial Management (OFM), specifies how agencies must manage and account for equipment. SAAM defines equipment as tangible property other than land, buildings, improvements other than buildings, or infrastructure, which is used in state operations and with a useful life of more than one year. For these assets, agencies are required to: Mark and identify both capitalized and non-capitalized assets Conduct physical inventories of state-owned assets at least once every other year Establish a capitalized asset inventory system, which includes adding and removing assets from the inventory Implement an inventory records policy Reconcile physical inventories Establish policies and procedures for reporting surplus, lost and/or stolen items The University’s Equipment and Inventory Office (EIO) is responsible for monitoring equipment and inventories for the entire University through its Workday system. Physical inventories of University-owned equipment, including federal equipment, must be completed every two years. During fiscal year 2025, the University acquired more than $51 million of equipment with federal R&D awards. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with equipment management requirements. The University did not conduct a complete physical inventory of equipment assets within the last two years, as required by state regulations outlined in the SAAM. The University’s most recent physical inventory was completed in June 2023. Maintaining Accurate Inventory Records We used a statistical sampling method and randomly selected and examined 59 out of a total population of 4,578 assets in the University’s inventory system to verify the assets were in the possession of the appointed custodian, appropriately safeguarded and maintained, and in adequate working condition, as determined through visual inspection. We found the inventory records for five assets (8%) were not properly maintained to reflect the current status of the assets. Two of these assets had been moved to surplus, one had been returned to the project sponsor, one was replaced without updating the University’s inventory records and one asset was missing. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The University implemented a new Workday financial and reporting system in July 2023, which is also used as the University’s capital asset management system. In the process of migrating inventory records from its legacy systems into Workday, the University did not ensure all records imported to Workday were complete and accurate. University management stated that the EIO could not conduct a complete physical inventory during the audit period due to the large number of departments and campuses it had to oversee and scheduled a cycled inventory process to begin in fiscal year 2026, after the audit period had ended. This, in addition to implementing the new Workday system for inventory management purposes, further delayed the EIO in beginning to establish new inventory procedures. Additionally, management did not effectively monitor campuses and departments to ensure all assets that were moved for surplus, sold, transferred, or identified as lost or stolen were reported immediately to the EIO. Effect of Condition By not establishing adequate internal controls over its management of federal equipment, the University is at a higher risk of failing to detect asset losses. Recommendations We recommend the University: Improve its internal controls to ensure all additions to and removals from the University inventory are reviewed by the EIO for accuracy and appropriateness Ensure a physical inventory is conducted at least every other fiscal year, as required by state regulations, and ensure the inventory is reconciled by the EIO Ensure all assets moved for surplus, sale or transfer are communicated to the EIO to ensure the inventory records for the assets are properly maintained Ensure University inventory policies and procedures are followed Follow up on the missing asset to determine if a loss has occurred, and consider reporting any losses to our Office, as required by law University’s Response The University acknowledges the finding and is committed to substantially strengthening the controls and processes to ensure the timeliness and accuracy of our physical inventory. As noted by SAO, this is the first State R&D audit for capital equipment since the University implemented Workday Financials in July 2023 and Mobile Asset Scanning (MAS) gap application for physical inventory in May 2025. Various aspects of the University’s transition from legacy tools to modern technologies encountered delays and challenges, which impacted the University’s ability to complete the requisite work in a timely manner. System capabilities now in place will enable the University to perform inventory procedures in a timely fashion. In addition to stabilizing new processes, the University is exploring multiple strategies to continue to streamline administrative processes and the control environment to ensure compliance with applicable regulatory requirements. The University has completed follow up on the asset SAO identified as missing during the course of the audit and took appropriate action on February 6, 2026 to comply with applicable state law. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The Washington State Office of Financial Management, State Administrative and Accounting Manual (SAAM), Section 30.40 – Capital Asset Inventory Records Policy outlines the requirements for capital asset inventories. State Administrative and Accounting Manual (SAAM), Section 30.45 – Capital Asset Physical Inventory Policy outlines the requirements for conducting physical inventory reconciliations. State Administrative and Accounting Manual (SAAM), Section 35.10 – Inventories outlines the requirements for physical inventory procedures.
2025-004 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Research & Development programs received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: Various, Research and Development Cluster – University of Washington Federal Grantor Name: Various Federal Award/Contract Number: Various Pass-through Entity Name: Various Pass-through Award/Contract Number: Various Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The federal government sponsors research and development (R&D) activities under a variety of types of awards. Most commonly, these are grants, cooperative agreements, and contracts to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D activities conducted under these awards vary widely. Grants for R&D are awarded to recipients on the basis of applications or proposals submitted to federal agencies or pass-through entities. An award is then negotiated that will include the purpose of the project, the amount of the award and the terms and conditions. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes to subrecipients, the University must follow up with them to ensure they take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse (FAC). The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. To monitor its compliance with these requirements, the University’s Office of Sponsored Programs (OSP) uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The OSP includes subrecipients on this listing upon receipt of the subrecipients entity certification form, which is required prior to executing a subaward with the subrecipient. During fiscal year 2025, the University spent about $1.2 billion in R&D award funds, and of that amount, it passed through more than $187 million to subrecipients. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the R&D programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We examined the University’s subrecipient single audit tracking spreadsheet used to track and verify subrecipients receive a single audit, if required, and compared this subrecipient list to the University’s accounting system for all 471 subrecipients that received payments from R&D awards during the audit period. We also examined federal audit clearing house reports for audit reports issued during our audit period for subrecipients with the University listed as a passthrough entity. We found: · 108 (23%) of the University’s subrecipients in its accounting records were not listed on the OSP audit tracking spreadsheet · 33 of the University’s subrecipients filed audit reports in the FAC during the audit period, of which the University failed to identify 20 (61%) on its tracking spreadsheet We also found one subrecipient received an audit finding that required a management decision letter to be issued during the audit period. The University failed to issue a management decision to this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The University did not implement adequate internal controls to ensure proper monitoring and review of subrecipient single audit submissions and issuance of management decision letters. OSP did not maintain a complete list of subrecipients in the single audit tracking spreadsheet. While the subrecipients included in the listing were being tracked, the listing was not properly maintained to identify all program subrecipients. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients received single audits when they were required. Additionally, the University cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. When it fails to ensure subrecipients establish corrective actions and management monitors them for effectiveness when required, the University cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: · Monitor all subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations · Strengthen internal controls to ensure all subrecipients are included within its single audit tracking documentation · Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required · Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations · Issue a written management decision for applicable audit findings, if necessary University’s Response The University acknowledges this finding and remains dedicated to strengthening the controls, processes, and tools used to ensure ongoing compliance with federal requirements. This commitment includes enhancing documentation protocols and establishing robust practices for effective compliance tracking. The University will implement improved controls to ensure all subrecipient audits are reviewed annually, including the issuance of written management decisions when appropriate. Verification will leverage the information in the Federal Audit Clearinghouse in addition to other public resources such as the Federal Demonstration Partnership Expanded Clearinghouse. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-005 The University of Washington did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Research and Development Cluster programs. Assistance Listing Number and Title: Various, Research and Development Cluster – University of Washington Federal Grantor Name: Various Federal Award/Contract Number: Various Pass-through Entity Name: Various Pass-through Award/Contract Number: Various Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The federal government sponsors research and development (R&D) activities under a variety of types of awards. Most commonly, these are grants, cooperative agreements, and contracts to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D activities conducted under these awards vary widely. Grants for R&D are awarded to recipients on the basis of applications or proposals submitted to federal agencies or pass-through entities. An award is then negotiated that will include the purpose of the project, the amount of the award and the terms and conditions. During fiscal year 2025, the University spent about $1.2 billion in R&D award funds, and of that amount, it passed through more than $187 million to subrecipients. Pass-through entities are required to monitor the activities of their subrecipients to ensure they are properly using federal funds. To determine the appropriate level of monitoring, federal regulations require pass-through entities to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. The University’s Office of Sponsored Programs (OSP) reviews subrecipient proposals to determine if the subrecipient must undergo a risk assessment based on whether or not the University has entered into any other subawards with the subrecipient on similar R&D projects. OSP performs risk assessments for all new subrecipients, as well as subrecipients that have not had a risk assessment performed by the University within the previous three years. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the R&D programs. During state fiscal year 2025, the University awarded more than $52 million in R&D funding to 423 subrecipients. We used a statistical sampling method to randomly select and examine 55 subrecipients to verify the University performed a risk assessment of the subrecipient related to the subaward(s) issued to the subrecipient during the audit period. We found the University did not perform a risk assessment for 42 subrecipients (76%) related to the subawards issued during the audit period. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The University did not believe it was required to conduct a risk assessment of each subrecipient for every subaward it executed with federal funds. Instead, management relied on OSP’s review of the most recent risk assessment for the subrecipient to determine if any new information should be considered for monitoring the new subaward. Effect of Condition Without establishing adequate internal controls, the University cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity. Without performing risk assessments for subrecipients on each subaward, the University cannot ensure that it determined the appropriate level of monitoring of the subrecipient. Not performing new risk assessments also makes the University less likely to detect subrecipient noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the University: Improve internal controls to ensure all subrecipients undergo a risk assessment at the time of receiving a subaward, to determine the appropriate level of monitoring for the subrecipient Ensure it performs and documents the required risk assessments for management to evaluate the results, determine the appropriate level of monitoring for the subrecipient, and demonstrate compliance with federal requirements University’s Response The University acknowledges this finding and remains dedicated to strengthening the controls, processes, and tools used to ensure ongoing compliance with federal requirements. This commitment includes enhancing documentation protocols and establishing robust practices for effective compliance tracking. The University will implement improved controls to ensure subrecipient risk is assessed and documented in the context of each subaward. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-020 The University of Washington did not have adequate internal controls to ensure it notified the Department of Education of changes in student enrollment information accurately and in a timely manner for the Federal Pell Grant and Direct Student Loan programs. Assistance Listing Number and Title: 84.063 Federal Pell Grant Program 84.268 Federal Direct Student Loans Federal Grantor Name: U.S. Department of Education Federal Award/Contract Number: Various Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions – NSLDS Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: No Background Title IV of the Higher Education Act authorizes programs that provide financial assistance to students to pursue postsecondary education at eligible institutions of higher education. These programs are the largest source of federal aid to postsecondary students and are designed to increase access to and completion of higher education programs. The Federal Pell Grant program provides grants to eligible students enrolled in undergraduate programs and certain post-baccalaureate teacher certificate programs as financial aid. The Direct Loan Program makes subsidized and unsubsidized loans to eligible students in certain eligible undergraduate, graduate or professional degree programs to pay for the cost of attending college. As a condition of participating in the Title IV programs, the University is required to submit data to the U.S. Department of Education (Department) on students listed on the National Student Loan Data System (NSLDS) roster. The administration of Title IV programs heavily depends on the accuracy and timeliness of student enrollment information reported in NSLDS. The Department uses NSLDS enrollment information to ensure student loan repayments occur on time after graduation and accurately measure attendance and graduation rates of students in eligible programs, as well as determine if loan deferments are being appropriately granted. When students receiving a grant or loan have attendance changes, the institution must review, update and certify the student’s enrollment status, program information and enrollment effective dates in NSLDS to reflect any changes to the student’s enrollment status. The University is required to notify the Department of a student’s enrollment change that includes graduating, withdrawing, dropping out, enrolling but never attending classes, or any other change in the student’s academic courseload that impacts their enrollment status of either full-time, three-quarter-time, half-time or less-than half-time. The NSLDS Enrollment Reporting Guide published by the Department outlines the requirements for institutions of higher education to report student information, and the Department considers the following information to be high risk: The institution’s Office of Postsecondary Education Identification number Classification of Instructional Programs code and year for the program of study Credential level (undergraduate certificate, associate’s, bachelor’s or master’s degree) Published program length and program length measurement The date the student began attending the reported program The student’s program enrollment status The student’s program enrollment effective date For the Direct Loan programs, institutions are required to report changes to the Department in the subsequent updated Enrollment Reporting Roster, which is due within 60 days of the student’s enrollment change. This reporting is required for any student receiving a loan who is no longer enrolled at the institution on at least a half-time basis or has changed their permanent address. In fiscal year 2025, the University disbursed more than $367 million in federal Pell grants and direct loans to students. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls to ensure it notified the Department of changes in student enrollment information accurately and in a timely manner for the Federal Pell Grant and Direct Student Loan programs. We used a statistical sampling methodology to randomly select and examine 59 out of a total population of 9,724 students for which the University was required to report a change in enrollment during the audit period. While we determined the University materially complied with the NSLDS reporting requirements, we found seven students for whom the University incorrectly reported enrollment changes to NSLDS or failed to report an enrollment change. Specifically: Five students had their enrollment status incorrectly reported in NSLDS as withdrawn, when the students had actually graduated from the University. Two additional students had withdrawn from the University, and these withdrawals were not reported in NSLDS. We also found one student communicated a change to their permanent address to the University, and this change was not reported in NSLDS by the University for six months. We consider these internal control deficiencies to be a significant deficiency. This issue was not reported as a finding in the prior audit. Cause of Condition University management did not adequately review NSLDS reports to ensure changes to student enrollment statuses were reported accurately. Additionally, the University did not have adequate internal controls to monitor the timely reporting of student information changes to ensure the changes were reported for Direct Loan recipients within 60 days, as required by the Department. Effect of Condition By not establishing adequate internal controls, the University cannot reasonably ensure that changes in student enrollments are reported accurately and timely to the Department, which is critically important for the Department to assess the performance of the Federal Pell Grant and Direct Loan programs. Recommendation We recommend the University improve its internal controls to ensure student enrollment changes are reported accurately and timely in NSLDS. University’s Response The University does have internal controls in place to ensure enrollment reporting to NSLDS. However, we acknowledge the incorrect or late reporting of the students identified during the audit. Upon review of our internal controls, we identified a lapse in backup staffing coverage during a period of personnel transition, which negatively contributed to the accuracy, timeliness, and the audit of reporting during the audit period. Staffing has now been returned to sufficient levels. Additionally, source documentation for the transmitted enrollment data was no longer available for the audit period and therefore the source and cause of the errors could not be identified. Improve internal controls to ensure student enrollment changes are reported accurately and timely in NSLDS. The Office of the University Registrar (OUR) will review the current staffing model and ensure a strengthened internal control structure for NSLDS reporting, which includes multiple responsible staff members, designated backup personnel, and ongoing training of an additional third staff member to ensure consistent and accurate quarterly enrollment reporting moving forward. The OUR will review current audit reports and establish a recurring quarterly audit protocol to ensure NSLDS enrollment information is aligned with University records after submission of data by the National Student Clearinghouse (NSC). We are currently conducting a comprehensive review of all enrollment reporting for the audit period and will submit corrected records to NSLDS as required. OUR, OSFA and UWIT will partner to establish protocols and best practices for the retention of source files. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to establish, document, and maintain effective internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 34 CFR Part 685, William D. Ford Federal Direct Loan Program, section 309, Administrative and fiscal control and fund accounting requirements for schools participating in the Direct Loan Program, establishes fiscal and administrative procedures for the Direct Loan programs. Title 34 CFR Part 690, Federal Pell Grant Program, section 83, Submission of reports, describes the requirements for institutions to report information on federal Pell grant recipients.
2025-013 The Employment Security Department did not have adequate controls over and did not comply with requirements to ensure it filed reports timely and accurately as required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant. Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program 17.259 Workforce Innovation and Opportunity Youth Activities 17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants Federal Grantor Name: U.S. Department of Labor Federal Award/Contract Number: 24A55AT000071-01-00; 24A55AT000071-01-01; 24A55AY000071-01-00; 24A55AW000101-01-00; 24A55AW000101-01-03 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-010 Background The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2025, the Department spent about $67 million in WIOA federal funding, including about $63 million paid to subrecipients. Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending. When a new subaward is executed, Department staff prepare the Federal Funding Accountability and Transparency Act (FFATA) spreadsheet, which contains the required reporting information for the subawards. Staff then submit the report based on the FFATA spreadsheet. The Department was required to report 12 WIOA subawards and amendments in fiscal year 2025, totaling $52,997,109. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding numbers were 2023-011 and 2024-010. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports timely and accurately as required by the Act for the WIOA grant. During the audit period, the Department was required to report 12 subawards, totaling more than $52 million of program funds, that it awarded to 12 subrecipients. We used a non-statistical sampling method to randomly select and examine five out of the total population of 12 subawards. We found: The Department reported all five subawards late. One subaward reported the incorrect subrecipient name and unique entity identifier. The Department obtained the correct unique entity identifier from the subrecipient, but the Department entered it incorrectly in FSRS and did not detect that the incorrect subrecipient name was returned. Four subawards reported incorrect subaward amounts. All five subawards reported incorrect obligation dates. The Department elected to use the federal award notification date as the obligation date on the subaward, rather than when the subaward was executed. All five subawards did not include a unique subaward identification number. Instead, the Department reported the WIOA federal program code to identify the funding source of the subaward, rather than the subaward agreement number. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department had procedures in place to ensure staff reported subawards and amendments in FSRS. However, management did not ensure staff reported subawards timely and correctly. Moreover, the Department asserted it used the WIOA program codes as the subaward identification numbers because of when the program funding is released. However, the subaward numbers used were not unique to a particular subaward. Effect of Condition Failing to submit the required reports on time and accurately diminishes the federal government’s ability to ensure accountability and transparency of federal spending. Recommendation We recommend the Department: Improve internal controls to ensure all subawards are reported accurately and in a timely manner Update the subaward numbers to ensure each subaward number is unique Review and update its FFATA reporting procedures to ensure they contain all necessary steps to comply with federal regulations Provide training for employees who prepare and review the reports to ensure accurate and timely reporting of subaward information Department’s Response The Department appreciates the State Auditor’s Office work to ensure reports are filed accurately and timely. The Department is reviewing its procedures and providing additional training on FFATA reporting to verify the reports are correct and submitted on time. The Department will continue to work with our federal partners to ensure they provide training and guidance on new federal systems and reporting requirements. The Department notes there is no monetary impact related to this finding. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to establish, document, and maintain effective internal controls over federal programs and comply with federal program requirements Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part: Appendix A to Part 170 – Award Term I.Reporting Subawards and Executive Compensation a.Reporting of first-tier subawards. 1.Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward. 2.Reporting Requirements. i.The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov. ii.For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025). The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-033 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund program were allowable and properly supported. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACDC6; 2303WACCDD; 2303WACCDF; 2403WACCDD; 2403WACCDF; 2403WACCDM; 2503WACCDD; 2503WACCDF; 2503WACCDM; 2503WACCDY Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $3,827 Prior Year Audit Finding: Yes, Finding 2024-056 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2025, the Department spent about $369 million in federal funding. Of this amount, the Department spent more than $296.6 million in CCDF funds on monthly child care subsidy payments to child care providers. There are three types of child care providers: licensed centers, licensed family homes, and licensed exempt providers referred to as Family, Friends, and Neighbor (FFN) providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards, and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly. Authorizations for child care To be authorized for child care services, parents must be determined to be eligible based on their income, residency and demonstrated need based on approved activities. Once parents are determined to be eligible, the Department authorizes the amount of care based on the hours a parent participates in approved activities. For licensed centers, the service levels are generally either 23 full-day units (up to 10 hours a day) or 30 half-day units (up to five hours a day), or 46 half-day units during the months of June, July and August, when authorizing care for households with more than 110 hours of activity. Care is authorized based on need when approvable activities are less than 110 hours. When more than 10 hours a day of care is needed, the Department may authorize additional care for overtime. For licensed family homes, providers are authorized monthly units of care either as full-time, part-time, full-time partial-day, or part-time partial-day. FFN providers are paid by the hour, and authorizations are made for either part-time care (up to 110 hours a month) or full-time care (up to 230 hours a month). When more than 10 hours a day of care is needed, the Department may authorize additional care for overtime. Attendance records Child care providers must maintain attendance records to support their billing. All child care providers must use the Department’s electronic attendance recordkeeping system, a Department-approved electronic attendance recordkeeping systems or receive an exception to rule to allow for paper attendance records. The attendance record requirement is the same for all providers. How the provider claims for payment varies depending on the provider type: Licensed center providers claim eligible units per month. Licensed family home providers claim eligible monthly unit(s). FFN providers claim eligible hours per month. To ensure payments are allowable and accurate, the Department conducts data analysis and audits payments. The Department’s subsidy audit unit, which is composed of six provider auditors, reviews payments each month using both random sections and focused referrals. The subsidy audit unit receives focused referrals from other divisions and programs within the Department. Department staff prepare audit request letters and mail them to providers who have 45 days to respond with records. The provider auditors review the records to determine whether the payments are properly supported. Federal regulations require the state to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers were allowable and properly supported. We have reported this condition since 2008. The prior audit finding numbers were 2024-056, 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF program were allowable and properly supported. We used a statistical sampling method to randomly select and examine 59 out of a total population of 397,102 monthly payments for child care. Our sample included child care payments from each of the three provider types: licensed centers, licensed family homes and FFNs. With assistance from the Department, we requested attendance records, provider handbooks and other required receipts from providers that supported the payments. We reviewed each provider’s records to determine if the payments were allowed by federal and state regulations, Department policies and supported by adequate documentation. We found 11 payments funded by the CCDF grant that were noncompliant. The Department improperly paid $3,827 with federal CCDF funds to these 11 providers. The reasons the overpayments occurred were: Four providers did not submit attendance records in response to our request Three providers overbilled for services not supported by attendance records One provider billed for field trips that were not properly supported by receipts Two providers did not provide required signatures from parents or guardians One provider billed for field trips that were not properly supported and did not provide required signatures from parents or guardians While the Department has written procedures over its post-payment audit process, the procedures need improvement. The Department has a Child Care Subsidy Programs Integrity Plan that was most recently updated in February 2024. In the plan, the Department stated the frequency of billing and attendance audits is 240 per month. Program staff said that their goal was to complete these audits within four to six months after the month of service. We reviewed the results of the Department audits that occurred during the audit period which were: The Department completed 2,228 audits during the year. The Department’s post-payment audits were not timely. Most of the audits took place between six months and a year after the month of service. For four months of the year, the Department reviewed about 100 audits per month instead of 240 in its plan. The Department identified overpayments in 1,493 of the 2,228 (67%) post-payment audits it completed during the year. In total, the Department itself identified $2,185,753 in provider overpayments, or 22% of the payments it audited. The Department said these overpayments were submitted to the Department of Social and Health Services, Office of Financial Recovery (OFR), for collections. Providers are allowed due process via administrative hearing following this formal notification. The Department also has a written Quality Control Provider Audit Procedure. This procedure states that the six audit staff are to select both random and focused, or risk-based providers to audit. However, the procedures do not describe the specific methods or factors used by staff to make these selections. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department does not review supporting documentation to verify a payment request is allowable and supported before payment. Payment authorizations establish a maximum for what providers may bill without further approval, but this does not prevent providers from billing for unallowable days, hours or services. The Department said adequate resources are not available to review documentation before payments are made. Until SSPS is connected to attendance reporting systems, providers must maintain attendance records and submit supporting documentation when it is requested. The Department’s post-payment audits consistently identify provider overpayments, which is a detective control. However, management has not implemented internal controls that sufficiently prevent overpayments. The Department said the reason only 100 audits were performed for four months of the year was due to a lack of staffing resources. Effect of Condition and Questioned Costs By not having adequate internal controls in place, the Department increases its risk of making improper payments for child care services. We used a statistical sampling method to randomly select the payments examined in the audit. Based on the results of our testing, we estimate the total likely questioned costs paid with federal CCDF funds to be $27,175,817. In addition, five of the overpayments were partially funded by state dollars that totaled $365. We estimate the likely questioned costs paid with state funds was $2,135,341. This amount is not included in the federal questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely questioned cost projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 2 CFR 200.516(a)(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department strengthen its internal controls over payments it makes to child care providers. Specifically, the Department should: Update its written procedures to better describe its post-payment audit process. This should include a description of how staff select random and focused providers to audit. Provide additional resources to fully execute its Child Care Subsidy Program Integrity Plan. Based on its own audits and the results of our statistical sampling in this audit, the Department should consider expanding its audit effort until it is able to implement pre-payment controls. Link its payment and attendance reporting systems to prevent making payments that lack required supporting documentation. The Department should also: · Follow up with the providers that did not respond to requests for records during this audit. · Consult with the grantor to discuss whether the known questioned costs identified in this audit should be repaid. Department’s Response The Department agrees with the 11 exceptions identified by the State Auditor’s Office (SAO) as part of their testing of attendance records and documentation from providers. In February 2026, overpayments were written for the exceptions identified by SAO and submitted for recovery to the Department of Social and Health Services, Office of Financial Recovery (OFR). The Department requires additional funding to increase the number of monthly provider audits completed, or to fund an information technology solution and system linkage between the payment and all of the electronic attendance systems used by providers. Even with data system connections the Department will need significant resources to increase the number of payments reviewed. The Department’s current oversight is limited to the audit capacity of its six quality-assurance (QA) auditors for approximately 397,102 monthly child care payments as noted by SAO. The Department employs automated system controls in the Social Services Payments System (SSPS) to limit provider authorizations to the maximum amount of care a child is eligible to receive and claim. The detective internal controls, post-payment audits, implemented by the Department are designed to detect errors and assure prompt correction of these errors. The QA auditors are identifying billing and electronic attendance system errors, identifying program weaknesses to be proactive to prevent future errors, analyzing data to update provider training materials and policies/procedures, and providing technical assistance to providers to reduce billing errors. Providers have reported appreciation of direct communication with the QA auditors through the technical assistance process. Quality-Assurance Audits SAO Description of Condition: The Department’s post-payment audits were not timely. Most of the audits took place between six months and a year after the month of service. oDepartment Response: The Child Care Subsidy Programs Integrity Plan was updated 7/1/2025 but was not considered for this audit because it was outside the audit period being tested by SAO. oDepartment Response: Child care providers are allowed to claim for payments up to 3 months following the month of service. In addition, a provider has 45 days to provide records to the Department for the month of service being requested. Based on these legal requirements the Department has revised the Child Care Subsidy Programs Integrity Plan to reflect a more accurate goal of 6-12 months for audit completion. SAO Description of Condition: For four months of the year, the Department reviewed about 100 audits per month instead of 240 in its plan. oDepartment Response: During the time period outlined above the Department had one vacant position. The remaining five QA auditors processed and completed 100 monthly audits. In addition to reviewing documents for compliance, the QA auditors also work with providers daily to provide technical assistance by reviewing billing rules to help the providers comply with Department billing policies. These activities are focused on educating providers about child care subsidy rules to assist with reduction of billing errors in the future. oDepartment Response: As noted above, the Department requires additional funding to increase the number of monthly provider audits completed, or to fund an information technology solution and system linkage between the payment and all of the electronic attendance systems used by providers SAO Description of Condition: The Department identified overpayments in 1,493 of the 2,228 (67%) post-payment audits it completed during the year. oDepartment Response: Billing errors identified during the QA audit period included not providing attendance records, missing signatures, general billing mistakes, and incorrectly using an electronic attendance system. As part of the administrative hearings process, a provider may request a hearing from Department of Social and Health Services (DSHS). At these hearings the providers may submit attendance records or receipts that were not previously provided to the Department and have the overpayments reduced or removed completely. oDepartment Response: Since 2018, the Department has supplemented random audits with focused audits. The Department is in process of increasing monthly focused audits received from referrals or providers identified with an Intentional Program Violation (IPV). The remaining audit capacity incorporates random audits to meet the monthly target and ensure unbiased program oversight. SAO Description of Condition: In total, the Department itself identified $2,185,753 in provider overpayments, or 22% of the payments it audited. oDepartment Response: When overpayments are identified the Department writes an overpayment letter and provides it to the DSHS Office of Financial Recovery (OFR). OFR then sends the letter to the provider for recovery. Providers are allowed due process via administrative hearing following this formal notification. oDepartment Response: In fiscal year 2025, OFR recovered provider overpayments in the amount of $2,426,515.27. This amount may be inclusive of overpayments from previous fiscal years. As to the auditor’s specific recommendations, the Department provides the following additional information: SAO Recommendation: Update its written procedures to better describe its post-payment audit process. This should include a description of how staff select random and risk-based providers to audit. o Department Response: The Department is in the process of updating and improving quality assurance audit procedures. The current procedures provide an outline and high-level overview while the specific details are completed by the quality control specialists and their supervisor. The procedures state that the six QA auditors are assigned both random and focused providers to audit. Random audits are determined by the use of a random number generator. QA auditors also perform focused audits based on referrals from licensing, OFR, or program staff. However, the procedures do not describe the specific methods or factors used by the Department to make the selections. The updated procedures will provide detail on how cases are selected and assigned for the monthly audit totals. This update is in addition to the Child Care Subsidy Programs Integrity Plan which outlines the program integrity efforts. SAO Recommendation: Provide additional resources to fully execute its Child Care Subsidy Program Integrity Plan. Based on its own audits and the results of our statistical sampling in this audit, the Department should consider expanding its audit effort until it is able to implement pre-payment controls. o Department Response:The Department agrees this would increase provider payment integrity. The Department will need investment to increase the number of staff who audit provider payments or significant investment in an information technology platform that allows a pre-payment review of all payments. The Department also recognizes that electronic attendance systems require manual input for tracking and is not a preventative internal control by itself. SAO Recommendation: Link its payment and attendance reporting systems to prevent making payments that lack required supporting documentation. o Department Response:The Department agrees this would increase provider payment integrity. The Department will need investment to increase the number of staff who audit provider payments or significant investment in an information technology platform that allows a pre-payment review of all payments. The Department also recognizes that electronic attendance systems require manual input for tracking and is not a preventative internal control by itself. · SAO Recommendation: Follow up with the providers that did not respond to requests for records during this audit. o Department Response:In February 2026, the Department processed overpayments for the exceptions identified by SAO and submitted the overpayments to DSHS OFR for recovery. · SAO Recommendation: Consult with the grantor to discuss whether the known questioned costs identified in this audit should be repaid. o Department Response:When the Department of Health and Human Services (HHS) issues a management decision letter for the fiscal year 2025 finding, the Department will work with HHS and follow the audit resolution process. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. 45 CFR Part 75, section 403, Factors affecting allowability of costs, establishes requirements for the collection of unallowable costs. 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Washington Administrative Code (WAC) 110-15-0034 Providers Responsibilities. Child care providers who accept child care subsidies must do the following: 1. Licensed or certified child care providers who accept child care subsidies must comply with all child care licensing or certification requirements contained in this chapter, chapter 43.216 RCW and chapters 110-06, 110-300, 110-300D, 110-300E, and 110-301 WAC. 2. In-home/relative child care providers must comply with the requirements contained in this chapter, chapter 43.216 RCW, and chapters 110-06 and 110-16 WAC. 3. In-home/relative child care providers must not submit an invoice for more than six children for the same hours of care. 4. All child care providers must use DCYF's electronic attendance recordkeeping system or a DCYF-approved electronic attendance recordkeeping system as required by WAC 110-15-0126. Providers must limit attendance system access to authorized individuals and for authorized purposes, and maintain physical and environmental security controls. a. Providers using DCYF’s electronic recordkeeping system must submit monthly attendance records prior to claiming payment. Providers using a DCYF-approved electronic recordkeeping system must finalize attendance records prior to claiming payment b. Providers must not edit attendance records after making a claim for payment 5. All child care providers must complete and maintain accurate daily attendance records. If requested by DCYF or the state auditor, the provider must provide to the requesting agency the following records: a. Attendance records must be provided to DCYF within 45 calendar days of the date of a written request from either department; and b. Attendance records must be provided to the state auditor’s office within 30 calendar days from the date of a written request 6. Pursuant to WAC 110-15-0268, the attendance records delivered to DCYF may be used to determine whether a provider overpayment has been made and may result in the establishment of an overpayment and in an immediate suspension of the provider's subsidy payment. 7. All child care providers must maintain and provide receipts for billed field trip/quality enhancement fees as follows. If requested by DCYF, the provider must provide the following receipts for billed field trip/quality enhancement fees: a. Receipts from the previous 12 months must be available immediately for review upon request by DCYF; b. Receipts for one to five years old must be provided within 28 days of the date of a written request from either department. 8. All child care providers must: a. Retain all records required by this chapter for a minimum of five years b. Provide to the department records from the previous 12 months immediately upon the department’s written request c. Provide to the department any records between 12 months and five years old within two weeks of the department’s written request 9. All child care providers must collect copayments directly from the consumer or the consumer’s third-party payor, and report to DCYF if the consumer has not paid a copayment to the provider within the previous 60 days 10. All child care providers must follow the billing procedures required by DCYF Washington Administrative Code (WAC) 110-15-0190 WCCC benefit Calculations 1. DCYF determines the amount of care consumers may receive at application or reapplication. Once the care is authorized, the amount will not be reduced during the eligibility period unless a. Consumers request reductions; b. The care is for school-aged children c. The authorization was for additional care needed for less than the entire length of the authorization period d. The care was authorized by child protective services (CPS) or child welfare services (CWS) and is part of children’s case plans under WAC 110-15-4510 e. Incorrect information was given at application or reapplication 2. For parents age 21 years or younger who are attending high school or working towards completing a high school equivalency certificate, DCYF will authorize care based only on their student activity schedules. 3. To determine the amount of weekly hours of care needed, DCYF reviews the child care scheduled with providers, and: a. Consumers’ participation in approved activities and the number of hours their children attend school, including home school, which will reduce the amount of care needed; or b. The days and times that approved activities overlap in a two parent or guardian household, and only authorize care during those overlapping times. Consumers are eligible for full-time care if overlapping care totals 110 hours in one month c. Parents or guardians in two parent or guardian households who are not able to care for their children under WAC 110-15-0020 are considered by DCYF to be unavailable for care, regardless of their schedules 4. Licensed or certified center child care is authorized as follows: a. Full-time monthly unit of care, equal to 22 full day units, is authorized when: i. WCCC or SCC consumers participate in approved activities at least 110 hours per month or full-time care is determined to be appropriate and included in a CPS or CWS case plan; and ii. Their children have scheduled care with a single provider at least 110 hours per month b. Part-time monthly unit of care, equal to the actual anticipated full- and half-day units of care needed averaged over a 12-month period, is authorized when the care scheduled with providers is less than 110 hours per month c. Part-time partial-day monthly unit is authorized when school-age children attend care in a licensed family home and meets the criteria in subsection (5) of this section 5. Licensed family home child care is authorized as the following monthly units of care: a. Full-time monthly unit of care, equal to 22 full day units, is authorized when: i. WCCC or SCC consumers participate in approved activities at least 110 hours per month or full-time care is determined to be appropriate and included in a CPS or CWS case plan; and ii. Their children have scheduled care with a single provider at least 110 hours per month. b. Part-time monthly unit of care, equal to the actual anticipated full- and half-day units of care needed averaged over a 12-month period, is authorized when the care scheduled with providers is less than 110 hours per month. c. Full-time partial-day monthly unit is authorized when school-age children attend care in a licensed family home and meets the criteria in subsection (5) of this section. d. Part-time partial-day monthly unit is authorized when school-age children attend care in a licensed family home before and after school and do not meet the criteria for a full-time partial-day monthly unit. 6. Additional monthly units of care may be authorized when: a. Consumers request an authorization for additional care; b. The need for care is verified; c. The care is needed to supplement an existing monthly unit for unexpected care needed for an approved activity limited to the time frame needed, not to exceed three months; d. For actual anticipated overtime when the overtime is included when determining eligibility for child care; or e. For sleep time 7. Full-time partial-day monthly unit. A single partial-day monthly unit equal to 17 partial days and five full days is authorized for school-age children attending a licensed family home child care when consumers have at least 110 hours of approved activity per month, and their children are: a. Authorized for care with only one provider; b. Scheduled for care of 110 hours or more in July and August; c. In care less than five hours on a typical school day; and d. Need care before and after school. 8. When determining part-time care for families using licensed providers when their activity or amount of care needed is less than 110 hours per month: a. A full-day unit is calculated for each day of care of at least five hours; b. A half-day unit will be calculated for each day of care that is less than five hours; and c. A partial-day unit is calculated for each day of care in a licensed family home when: i. Their children are in care before and after school; and ii. The total care for the day is less than five hours. 9. Full-time care for families using in-home/relative providers is authorized when consumers participate in approved activities at least 110 hours per month: a. Two hundred thirty hours of care are authorized when their children are in care five or more hours per day; b. One hundred fifteen hours of care is authorized when their children are in care less than five hours per day; c. One hundred fifteen hours of care is authorized during the school year for school-aged children who are in care less than five hours per day and their providers are authorized for contingency hours each month, up to a maximum of 230 hours; d. Two hundred thirty hours of care is authorized during the school year for school-aged children who are in care five or more hours in a day; and e. Supervisor approval is required for hours of care than exceed 230 hours per month 10. Care cannot exceed 16 hours per day, per child 11. When determining part-time care for families using in-home/relative providers: a. Under the provisions of subsection (2) of this section, DCYF authorizes the number of hours of care needed per month when the activity is less than 110 hours per month; and b. The total number of authorized hours and contingency hours claimed cannot exceed 230 hours per month. 12. DCYF determines the allocation of hours or units for families with multiple providers based upon the information received from the parents or guardians 13. DCYF may authorize more than the state rate and up to the provider’s private pay rate if: a. The parent or guardian is a WorkFirst participant; and b. Appropriate child care, at the state rate, is not available within a reasonable distance from the approved activity site. “Appropriate” means licensed or certified child care under WAC 110-15-0125, or an approved in-home/relative provider under WAC 110-16-0010. “Reasonable distance” is determined by comparing distances other local families must travel to access appropriate child care. 14. Other feeds DCYF may authorize to a provider are: a. Registration fees; b. Field trip fees; c. Nonstandard hours bonus; d. Overtime care to licensed providers when care is expected to exceed 10 hours in a day when consumers are eligible and authorized; and e.
2025-034 The Department of Children, Youth, and Families improperly charged $9,980 to the Child Care and Development Fund. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACDC6; 2303WACCDD; 2303WACCDF; 2403WACCDD; 2403WACCDF; 2403WACCDM; 2503WACCDD; 2503WACCDF; 2503WACCDM; 2503WACCDY Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Eligibility Known Questioned Cost Amount: $9,980 Prior Year Audit Finding: No Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2025, the Department spent about $369 million in CCDF federal funding. The Department determines child care eligibility for CCDF clients. In fiscal year 2025, the Department spent more than $296.6 million in CCDF federal grant funds on child care subsidy payments to providers. The requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must: Reside in Washington and be a citizen or legal resident of the United States for federal funding and only reside in Washington for state funding. Be younger than 13 years, or if for verified special needs, be younger than 19 years. Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication or meet other specific criteria exempting them from this income limit. Reside with a parent(s) or guardian who works or attends a job-training or education program, experiencing homelessness, or has received protective services. State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, and family household size and composition. The Department enters client data into the Barcode system. Barcode is the Washington State Department of Social and Health Services’ (DSHS) electronic case management and document imaging system. It is used to store, organize, and route client information, verification documents, and eligibility-related actions for multiple public assistance programs. Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires clients to self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services. The Department has access to systems that contain wage and household benefit and composition data for some, but not all child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. The Department will request verification from the family when unable to verify necessary information within these systems. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount. The Department, in conjunction with DSHS, uses a Payment Allocation Model (PAM) within the Barcode system that uses statistical analysis (SAS) coding to review client eligibility data and determine the correct funding source. The PAM process occurs after eligibility is determined and child care is authorized. The payment is then assigned to the appropriate funding source based on funding criteria. The Department makes accounting adjustments between state and federal funding sources in its general ledger when needed to meet different spending requirements for CCDF. This process includes identifying allowable expenditures that can be moved to different funding sources. This can include moving funds originally charged as state funds to federal and federal to state or moving federal funds between different funding sources. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The Department improperly charged $9,980 to CCDF. We found the Department had adequate internal controls to ensure material compliance with eligibility requirements. We used a statistical sampling method to randomly select and examine 59 out of a total population of 75,093 clients. In all but one case, the clients tested were eligible to be paid with CCDF funds. For one sampled client (1.7%), we determined they were not eligible to be paid with CCDF funds but did meet eligibility criteria to be paid with state funds and therefore eligible for the Working Connections Child Care program. The Department paid $33 in child care payments for this client with federal CCDF after the eligibility determination that we tested was made. In addition, through its accounting adjustments, the Department moved an additional $1,650 in child care payments for this client from state funding to federal CCDF based on the PAM allocation, for a total of $1,683. Furthermore, during the payment review, we identified an additional $6,647 in federal CCDF funds, including $1,650 that was moved from state to federal funding, that was spent for this client prior to the eligibility determination we tested. Cause of Condition Management said it did not verify that the Payment Allocation Model’s (PAM) automated logic consistently aligned with program funding requirements. Furthermore, the Department said the accounting adjustment process relies on PAM’s automated source of fund determinations to identify allowable transactions when moving funds among different funding sources. Effect of Condition and Questioned Costs The PAM allocation error resulted in $1,683 of federal overpayments to providers, with an additional $8,297 in federal overpayments to providers identified prior to the eligibility determination. Because we used a statistical sampling method to randomly select the payments examined in the audit, we estimate the amount of likely questioned costs to be $2,142,060. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely questioned cost projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 2 CFR 200.516(a)(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department’s Response The Department also concluded that due to a coding error federal funds were incorrectly used for one client who should have been paid with state funds. As stated in the Description of Condition, all clients who were audited met the eligibility requirements for the Working Connections Child Care (WCCC) program, meaning they were deemed eligible for subsidy payment. The system coding error in the Payment Allocation Model (PAM) process led to the wrong source of funds being used for the client. PAM directs the specific funding source used for payments. This was a technical fiscal coding error, not a failure of program eligibility controls. Funding sources are selected after eligibility is determined and used to ensure payments are for allowable activities. During the audit period, a coding error in PAM resulted in federal funds being allocated to this client instead of state funds. The coding error was corrected in November 2025 to prevent further occurrences of this specific error. To ensure the continued accuracy, the Department has implemented a monthly quality assurance review of a sample of PAM allocations in collaboration with the Department of Social and Health Services. In addition, in February 2026, the Department processed an accounting adjustment to return the $9,980 in questioned costs to the CCDF grant. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
2025-035 The Department of Children, Youth, and Families improperly charged $543,205 to the Child Care Development Fund program. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: 2103WACDC6; 2303WACCDD; 2303WACCDF; 2403WACCDD; 2403WACCDF; 2403WACCDM; 2503WACCDD; 2503WACCDF; 2503WACCDM; 2503WACCDY Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Period of Performance Known Questioned Cost Amount: $543,205 Prior Year Audit Finding: Yes, Finding 2024-058 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2025, the Department spent about $369 million in CCDF federal funding. Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund and Matching Fund. Each fund has specific period of performance requirements established in federal regulation (45 CFR 98.60(d)). The Department must obligate: · Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award · Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory funds are available until liquidated. · Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award The Department chooses to fully expend these awards within the obligation period. To ensure the Department is compliant with period of performance requirements and expenditures are within the allowed period of performance, it performs regular reviews of expenditures charged to open awards. This process includes a review of expenditures cost allocated to CCDF awards after they are recorded in the accounting system. In prior audits we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2024-058, 2023-061, 2022-043, 2021-037 and 2020-041. Description of Condition The Department improperly charged $543,205 to CCDF program. We found the Department had adequate internal controls to ensure it materially complied with period of performance requirements. The Department properly expended the federal fiscal year 2023 Discretionary and the federal fiscal year 2024 Mandatory and Matching awards within the required obligation period. However, during state fiscal year 2025, there were three awards with project start dates during our audit period. We analyzed expenditures charged to these awards in the accounting system and identified $169,052 in expenditures that were cost allocated to two awards for activity that occurred before these awards opened. The Department provided documentation it said shows an adjustment was made to correct these charges. Because the adjustment occurred outside the audit period, we did not consider it during the audit. In addition, for two awards already open before the start of fiscal year 2025, we identified $5,782 in expenditures manually moved and $370 in expenditures cost allocated to these awards in the audit period that were for activities that occurred before these awards opened. Lastly, there were two awards with liquidation requirements during the audit period. Through a review of expenditures charged to these awards, we identified $368,001 for one award with expenditures that were charged to the award two weeks after the liquidation period had ended. Cause of Condition For the expenditures with activity that occurred before the award opened, management did not review the cost allocated expenditures timely to verify they were within the allowed period of performance. For the expenditures that were manually moved, the Department stated these exceptions occurred because there was a delay in processing the period of performance activity. For the expenditures charged after the liquidation period, the Department initially charged these expenditures during an allowed liquidation period to a different CCDF award. However, these expenditures were later moved over to the award that was closed to fully expend the award. Effect of Condition and Questioned Costs We identified $543,205 in known questioned costs for expenditures that occurred outside of the period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department’s Response The Department does not agree with the State Auditor’s Office (SAO) finding that $543,205 in expenditures were improperly charged to the CCDF grants. The Department utilizes grant-level management for all federal funds, including the CCDF grant. This process consists of making grant adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department maintains that the expenditures were properly charged to the correct grants and provides the following additional details: SAO identified $169,052 in expenditures charged to the CCDF grant prior to the grant being opened. The Department manages multiple CCDF funding sources and federal grant years at the same time and uses the above-mentioned grant adjustments to move expenditures to the proper grant. The Department provided documentation to SAO showing the expenditures identified were corrected in state fiscal year 2026. This correction was outside the SAO audit period and therefore not considered for this audit. No expenditure was improperly charged to the CCDF grant. SAO identified $6,152 as questioned costs for the federal fiscal year 2024 CCDF grant. The Department agreed during testing that this assumption was correct. After further review of the data and discussion with SAO, the Department determined the credits were moved to the correct period to offset recoveries that were applied to the grant. As evidenced by the quarterly claims for those periods, all funds were appropriately documented and returned to the federal grantor. Expenditures were obligated and expended within the allowable grant period. SAO identified $368,001 that didn’t meet the liquidation requirements during the audit period because they were processed in calendar month October 2024. The Department disagrees with this assessment. The initial expenditures identified by SAO were recorded in the proper liquidation period and were charged to the CCDF Discretionary grant. The Department then processed an accounting adjustment to leverage the available grants funds as per our grant-level management practice. This adjustment occurred in the Agency Financial Reporting System (AFRS) during September 2024, which was within the liquidation period. AFRS records accounting adjustment based on fiscal month and not the date the document was entered into the system; therefore, the adjustment made in calendar month October was allowable per state financial rules because it was recorded in the proper fiscal month. When the Department of Health and Human Services (HHS) issues a management decision letter for the fiscal year 2025 finding, the Department will work with HHS and follow the audit resolution process. Auditor’s Remarks We are required to report noncompliance identified during the audit period. The Department asserts that it corrected $169,052 of the improper charges during the next fiscal year. Since this activity occurred in a different fiscal year than our audit, we did not review those transactions. The Department asserts it provided support for $6,152 of the questioned costs. Specifically, that they were moved to the correct period. During fieldwork, we received written confirmation the Department agreed with these exceptions, and no further support was provided. The liquidation period is when the Department is required to pay and account for all financial obligations for an award to allow the Department to close out the financial activity for this award. The Department asserts that the $368,001 was originally paid with FFY23 Discretionary funds during the allowable liquidation period. However, these expenditures were then moved to the FFY22 Discretionary award in October of 2024, which was after its liquidation period. We reaffirm our audit finding and will review the status of the Department’s corrective action during the next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition for questioned costs. Part 75.410 establishes requirements for the collection of unallowable costs. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, section 98.60 – Availability of funds, states in part: (d) The following obligation and liquidation provisions apply to States and Territories: (1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year. (2) (i) Mandatory Funds for States requesting Matching Funds per section 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended (ii) Mandatory Funds for States that do not request Matching Funds are available until expended (3) Mandatory Funds for Territories shall be obligated in the fiscal year in which funds are granted and liquidated no later than the end of the succeeding fiscal year (4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
2025-036 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACDC6; 2303WACCDD; 2303WACCDF; 2403WACCDD; 2403WACCDF; 2403WACCDM; 2503WACCDD; 2503WACCDF; 2503WACCDM; 2503WACCDY Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-060 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2025, the Department spent about $369 million in CCDF federal funding. The Department oversees two types of providers: licensed providers and license-exempt Family, Friends, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers. The Department has an approved CCDF State Plan for federal fiscal year 2025-2027 that outlines how it will meet the health and safety requirements for licensed and FFN providers. Licensed providers Department licensors conduct annual monitoring visits of licensed providers. During visits, they complete an inspection checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates, and streamline their processes. When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has either five, 10, or 15 business days to verify the noncompliance has been corrected. FFN providers Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules. The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy payment begin date. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In the 10 prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2024-060, 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022 and 2015-024. Description of Condition The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program. Licensed provider annual monitoring and noncompliance follow-ups We used a statistical sampling method to randomly select 59 out of a total population of 7,014 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit, the Department completed the child care inspection checklist, and the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified eight (14%) instances in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame. In addition, we identified eight (14%) instances in which the licensor did not complete health and safety items on the child care inspection checklist. Items not checked included: Prevention of sudden infant death syndrome and use of safe sleeping practices Appropriate precautions in transporting children Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man-caused event Building and physical premises safety Handling and storage of hazardous materials Nonrelative FFN provider ongoing training and annual technical visits The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period. Due to the limitations of this report and the Department’s limited ability to extract data from WA Compass, 16 (29%) of the 55 license-exempt FFN providers selected to be tested for ongoing training requirements were not required to complete the ongoing training. We examined records for the remaining 39 providers in our sample and did not identify any issues. In addition, the Department could not demonstrate how FFN specialists and management use this report to ensure all training occurred, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Licensed provider annual monitoring and noncompliance follow-ups Department officials said the agency did not conduct eight out of 59 monitoring follow-up visits within the required time frame because it was unable to maintain a necessary level of staffing. Additionally, the Department did not complete eight out of the 59 inspection checklists because staff did not follow correct system steps. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires and that inspection checklists were completed. Nonrelative FFN provider ongoing training and technical visits Department officials said the FFN WA Compass system reports are based on real-time data. Therefore, the Department was unable to provide a report with FFN historical data to demonstrate compliance with due dates and to document monitoring activities, including training requirements. The FFN providers can change circumstances throughout the fiscal year such as transitioning from relative to nonrelative care or opening and closing their service multiple times. Since the FFN reports are real-time, this prevents the Department from being able to demonstrate compliance with requirements. Effect of Condition Licensed provider annual monitoring and noncompliance follow-ups By not following up on noncompliance in a timely manner or completing all health and safety components of the inspection checklist, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments. Nonrelative FFN provider ongoing training and technical visits By not retaining documentation of the monitoring activities over FFN nonrelative providers who required ongoing training during the audit period, the Department could not demonstrate that it was performing accurate monitoring. Recommendations We recommend the Department: Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and checklists, and conduct thorough, timely follow-ups on any identified noncompliance issues Improve documentation of internal controls to support that it performed monitoring activities during the audit period Department’s Response The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department concurs and offers the following details: Licensed provider annual monitoring and noncompliance follow-ups The Department concurs that follow up visits were not completed timely for the eight out of 59 sample cases identified by SAO. During state fiscal year 2025 the Department completed 100% of on-site monitoring visits. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. Licensed child care providers have increased by 22.6% since the end of 2020 with an average annual growth of 4.2% and 2025 has increased 7.3% since the end of 2024, without a corresponding increase in licensing staff. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. Compared to the previous state fiscal year, there has been a positive trend in compliance for 2025. In state fiscal year 2024, SAO identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame compared to state fiscal year 2025 in which 8 instances (14%) have been identified. Management continues to follow established policies and procedures as well as continually reviewing reports to improve the timely response of follow-up visits. The Department concurs that eight out of the 59 inspection checklists were not complete because staff did not follow correct system steps. The Department will conduct an internal review of the system steps to complete an inspection checklist and make necessary adjustments to the system as well as provide additional training to licensing staff on the inspection process. During state fiscal year 2025 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff: WA Compass made steady improvements to the system each month to help the system run more smoothly and keep information accurate. These improvements make the system better for licensed child care and license-exempt staff and providers Established a new pre-licensing team to create an efficient and streamlined pathway for the initial licensure process, allowing licensors to remain focused on completing 100% annual inspections Conducted internal reviews and research of the annual inspection checklists and recheck follow up timelines to support future adjustments to the inspection and recheck process Established a plan for annual informational audit presentations for staff understanding and collaboration on compliance The Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements. Additionally, as part of its Collaborative Compliance initiative, the Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward. Collaborative Compliance promotes collaboration, encourages innovation, and will focus more on human-centered technical assistance. This initiative prioritizes compliance for all health and safety requirements. Nonrelative FFN provider ongoing training and technical visits The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 39 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs. The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements. The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO. Auditor’s Remarks Regarding the nonrelative FFN provider ongoing training and technical visits, the Department could not provide a population comprised of only FFN providers who were required to meet the ongoing training and technical visits during the audit period. As such, from the report provided by the Department, we selected 55 providers, but only 39 were applicable to the requirement. Because this report only contains information on current provider status and training requirements, we could not get an accurate population for testing. We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 45 CFR Part 98.41, Health and safety requirements, states: a.Each Lead Agency shall certify that there are in effect, within the state (or other areas served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements must be applicable to child care providers of services for which assistance is provided under this part. Such requirements, which are subject to monitoring pursuant to § 98.42, shall: 1.Include health and safety topics consisting of, at a minimum: i.The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply: A.As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency. B.Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt: 1.Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting. 2.Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home. 3.Children whose parents object to immunizations on religious grounds. 4.Children whose medical condition contraindicates immunization. C.Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements. 1.The length of such grace period shall be established in consultation with the State, Territorial, or Tribal health agency 2.Any payment for such child during the grace period shall not be considered an error in improper payment under subpart K of this part 3.The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care 4.Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements; ii.Prevention of sudden infant death syndrome and use of safe sleeping practices; iii.Administration of medication, consistent with standards for parental consent; iv.Prevention and response to emergencies due to food and allergic reactions; v.And physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic; vi.Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment; vii.Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions; viii.Handling and storage of hazardous materials and the appropriate disposal of bio contaminants; ix.Appropriate precautions in transporting children, if applicable; x.Pediatric first aid and cardiopulmonary resuscitation; xi.Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph (e)of this section; and xii.May include requirements relating to: A.Nutrition (including age-appropriate feeding); B.Access to physical activity; C.Caring for children with special needs; or D.Any other subject area determined by the Lead Agency to be necessary to promote child development or protect children’s health and safety 2.Include minimum health and safety training on the topics above, as described in § 98.44 b.Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f). c.The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at § 98.42(c). d.Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address: 1.Group size limits for specific age populations; 2.The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and 3.Required qualifications for caregivers in child care settings as described at § 98.44(a)(4) e.Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 510a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area. Washington Administrative Code (WAC) 110-16-0025 Health and Safety Training: 1.A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date: i.Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR): A.This training must be taken in person and the provider must demonstrate learned skills to the instructor. B.The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program. ii.Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and iii.Department approved health and safety training which includes the following topics areas: A.Prevention and control of infectious diseases; B.Administration of medication; C.Prevention of, and response to, emergencies due to food and allergic reactions; D.Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic; E.Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment; F.Emergency preparedness and response planning for natural disasters and human-caused events; G.Handling and storage of hazardous materials and the appropriate disposal of bio contaminants; H.Appropriate precautions in transporting children; I.Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and J.Other topic areas as determined by the Department. 2.A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date: i.Child care basics, a department approved thirty-hour health and safety training ii.Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition 3.A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following: i.Prevention and control of infectious diseases; ii.Emergency preparedness and response planning for natural disasters and human-caused events; iii.Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and iv.Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler. WAC 110-16-0030 Health and safety activities: 1.A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided. 2.The purpose of the visit is to: a.Provide technical assistance to the provider regarding the health and safety requirements described in this chapter; b.Observe the provider’s interactions with the child, and discuss health and safety practices; c.Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and d.Provide regional contact information for FFN child care services and resources. 3.A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided. 4.At the annual, scheduled visit, the provider must show, unless previously provided to the department: a.Proof of identify; b.Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter; c.Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include: i.A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or ii.A current immunization record from the Washington state immunization information system (WA IIS). d.Written permission from the parent to: i.Allow children to use a swimming pool; ii.Administer medication for treatment of illnesses and allergies of the children in care; iii.Provide for and accommodate developmental and special needs; and iv.Provide transportation for care, activities, and school when applicable. e.The written emergency preparedness and response plan required in WAC 110-16-0035 (8)(c).
2025-039 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program. Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program 93.767 COVID-19 Children’s Health Insurance Program 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.778 Grants to States for Medicaid 93.778 COVID-19 Grants to States for Medicaid Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2405WA5MAP; 2405WA5ADM; 2505WA5MAP; 2505WA5ADM; 2405WA5021; 2505WA5021 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions - Provider Eligibility (Screening and Enrollment) Known Questioned Cost Amount: $641 Prior Year Audit Finding: Yes, Finding 2024-075 Background The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and accounts for about half of the state’s federal expenditures. CHIP provides health coverage for more than 101,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2025, the Medicaid program spent more than $23.7 billion in federal and state funds and CHIP spent more than $303.7 million in federal and state funds. The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 215,000 participating providers in fiscal year 2025. During that time, the programs paid more than $19.1 billion to providers for direct client services. The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid. The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Additionally, the ProviderOne system is supposed to automatically update the providers’ license information to ensure the provider’s license is not expired. Federal law also requires state Medicaid agencies check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider. During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and an automated revalidation notice is being sent out 120 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (ProviderOne) is set to automatically deactivate the provider so that payments cannot be processed. The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types: Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination Conduct license verifications, including for licenses in states other than where the provider is enrolling Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the high-risk provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2022, however the Authority currently does not perform fingerprint-based criminal background checks and does not have an implementation date. The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation of the billing provider to allow for the payment of medical claims. Ownership disclosures are also received from providers, ensuring the Authority can screen people with ownership interest. To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements. The prior finding numbers were 2024-075, 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035. Description of Condition The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs. We reviewed the Authority’s procedures and determined that no process is in place to ensure enrollment staff are informed of providers who are high-risk due to Medicaid plan over-payments. Federal regulations and a state rule require providers identified as high risk to receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are still developing resources and procedures to fulfil this requirement in the future. We tested the automated controls within ProviderOne to determine if the system had safeguards in place to prevent payments to providers with expired professional licenses. We determined that the system does not automatically update the providers’ license expiration dates within ProviderOne and therefore would process payments to providers with expired licenses. Additionally, we found that ProviderOne did not appropriately deactivate providers when they were not revalidated by the five-year deadline. During the audit period, the Authority processed over 14,000 new provider enrollments and was required to perform ongoing eligibility determinations for over 215,000 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 59 new providers examined, we found one instance (1.6%) where the provider did not have an updated ownership disclosure. During the audit period, we identified almost 3,500 providers who received a revalidation notification. We used a statistical sampling method to randomly select and examine 58 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 58 providers examined, we found 35 instances (60%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found: Eleven providers who did not have an updated ownership disclosure. Nine providers who were not revalidated or deactivated by the revalidation due date. Fifteen providers who were missing both an updated ownership disclosure and were not revalidated or deactivated by the due date. We consider these internal control deficiencies to be a material weakness which led to material noncompliance. Cause of Condition Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place. For active providers, the interface that updates license expiration dates in ProviderOne was inadequate and did not update license expiration dates appropriately. Our audit also found that providers were able to submit claims for reimbursement even when the license documented in ProviderOne was expired. For provider revalidation, the automated revalidation process was inadequate for ensuring the Authority complied with the revalidation requirements. A defect in ProviderOne restarted the revalidation timeline for providers when the revalidation was still incomplete. The Authority stated that this defect was corrected in June 2025. Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks. Effect of Condition and Questioned Costs By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid and CHIP clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid and CHIP funds. By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We determined the Authority paid providers who had not been revalidated $641 in federal Medicaid funds and $641 in state funds. We used a statistical sampling method and therefore estimate likely questioned costs to be $38,666 in federal funds and $38,666 in state funds. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely questioned cost projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(a)(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Authority: Implement procedures to ensure high risk providers receive required fingerprint-based background checks Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services Implement internal controls designed to bring it into material compliance with the provider revalidation process Authority’s Response The Authority partially concurs with the finding. Fingerprint based criminal background checks The Authority concurs that a fingerprint-based criminal background check process for high-risk providers was not implemented during the audit period. In coordination with the Centers for Medicare & Medicaid Services (CMS) and the Washington State Patrol, the Authority has developed the required process and is in the final stages of implementation. The program is expected to be launched by March 31, 2026, and will apply to all providers designated as high risk. Updated license information in ProviderOne ProviderOne automatically end-dates associated taxonomies when a professional license on a provider record expires. However, when a provider is enrolled with multiple agencies and only one associated license has expired, the system does not currently end-date the related taxonomies. At this time, 37 of 113,940 servicing-only providers are affected. None of the approximately 9,000 billing providers are impacted. HCA will submit a system change request by March 1, 2026, to ensure applicable taxonomies are automatically end-dated in these scenarios. In the interim, HCA will implement a weekly report to identify affected providers and manually end-date the applicable taxonomies until the system enhancement is deployed. ProviderOne did not timely deactivate providers ProviderOne is designed to automatically inactivate a provider’s domain when revalidation is not completed timely. Due to an operational issue, a limited number of providers were not deactivated as required. Currently, 50 of approximately 9,000 billing providers are impacted. HCA will submit a system change request by March 1, 2026, to remediate this issue and prevent recurrence. In the interim, HCA will conduct weekly monitoring and manually inactivate affected provider domains until the system correction is implemented. Ownership disclosures The Authority does not concur with the determination that it is not in compliance with federal requirements governing ownership disclosures. The Authority’s process requires providers to review and attest to ownership disclosure information maintained by HCA as part of the revalidation process. The Authority believes this process meets the requirements of 42 C.F.R. 455.104 and appropriately balances regulatory compliance with administrative efficiency. The Authority submitted its procedures to CMS on February 23, 2026, and requested clarification and guidance to ensure continued alignment with federal expectations. Providers not revalidated or deactivated by the five-year deadline In July 2024, the Authority’s revalidation backlog totaled 792 providers. Through focused operational improvements and targeted resource deployment, the backlog was substantially reduced to three providers as of June 30, 2025. The Authority remains committed to continuous process improvement to sustain timely revalidations and prevent future backlog growth. Auditor’s Remarks Federal regulations require the Authority to obtain and review ownership disclosures from providers during the revalidation process. We reaffirm our finding and will review the status of the Authority’s corrective action during our next audit. Applicable Laws and Regulations Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments. Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part: Section 438.602 State responsibilities (b) Screening and enrollment and revalidation of providers. (1) The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries. (2) MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees. (c) Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c). (d) Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c). Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part: Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control. (a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities. (b) When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: (1) (i) The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address. (ii) Date of birth and Social Security Number (in the case of an individual) (iii) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. (2) Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. (3) The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. (4) The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). (c) When the disclosures must be provided – (1) Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times: (i) Upon the provider or disclosing entity submitting the provider application. (ii) Upon the provider or disclosing entity executing the provider agreement. (iii) Upon request of the Medicaid agency during the revalidation of enrollment process under § 455.414. (iv) Within 35 days after any change in ownership of the disclosing entity. (2) Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times: (i) Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process. (ii) Upon the fiscal agent executing the contract with the State. (iii) Upon the renewal or extension of the contract. (iv) Within 35 days after any change in ownership of the fiscal agent. (3) Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times: (i) Upon the managed care entity submitting the proposal in accordance with the State’s procurement process. (ii) Upon the managed care entity executing the contract with the State. (iii) Upon renewal of the contract. (iv) Within 35 days after any change in ownership of the managed care entity. (4) Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section. (d) To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency. (f) Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section. Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part: Section 455.410 Enrollment and screening of providers (a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart. (b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. (c) The State Medicaid may rely on the results of the provider screening performed by any of the following: (1) Medicare contractors (2) Medicaid agencies or Children’s Health Insurance Programs of other States. Section 455.412 Verification of provider licenses The State Medicaid agency must – (a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. (b) Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license. Section 455.414 Revalidation of enrollment The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years. Section 455.436 Federal database checks The State Medicaid agency must do all of the following (a) Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. (b) Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. (c) (1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and (2) Check the LEIE and EPLS no less frequently than monthly. Section 455.450 Screening levels for Medicaid providers. A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. (a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following: (1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination. (2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412. (3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436. (b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following: (1) Perform the “limited” screening requirements described in paragraph (a) of this section. (2) Conduct on-site visits in accordance with § 455.432. (c) Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following: (1) Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section. (2) (i) Conduct a criminal background check; and (ii) Require the submission of a set of fingerprints in accordance with § 455.434. (d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its – (1) Application denied under § 455.434; or (2) Enrollment reminder under § 455.416 (e) Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs: (1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years. (2) The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted. Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Medicaid Provider Enrollment Compendium (MPEC) B. Enrolled Provider’s Payment Eligibility for Retroactive Dates of Service The practice of “backdating” enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the provider was not present at the site on the date of service for which the provider is subsequently approved to bill. It is incumbent upon the SMA to mitigate risk of improper payments as it determines a provider’s eligibility for enrollment, including the date upon which a provider is deemed eligible to service Medicaid beneficiaries. The SMA should have a process to determine whether and when it is appropriate to approve an enrollment with a retroactive billing date, as doing so represents the SMA’s determination of prior compliance. This process should be designed to mitigate risk. Factors the SMA must take into consideration when approving a retrospective billing date include, but may not be limited to: • Survey or certification requirements that supersede a state’s ability to determine prior compliance Factors the SMA might take into consideration when approving a retrospective billing date may include, but are not limited to: • Emergency access • Pre-authorization • Whether a provider is enrolled in Medicare or another state’s Medicaid Program CMS recommends documenting the basis for establishing an enrollment with a retroactive billing eligibility date. Medicaid payment issued to a provider prior to the SMA’s screening and enrollment of the provider is an improper payment, unless an exception applies as described under Section 1.5.1. Washington Administrative Code AC – 182-502-0005 Provider enrollment—Core provider agreement (CPA) or nonbilling provider agreement, states: (1) The agency only enrolls a health care professional, health care entity, supplier, or contractor of service through approval of an application for: (a) A core provider agreement (CPA); (b) A nonbilling provider agreement; or (c) Adding a servicing provider under either a CPA or a nonbilling provider agreement. (2) The agency may enter into a single case agreement or other forms of written agreements with a health care professional, health care entity, supplier, or contractor of service. (3) Servicing providers must comply with the requirements for providers in the agreement under which they are enrolled and agency rules. (4) Only a licensed health care professional whose scope of practice includes ordering, prescribing, or referring under their licensure may enroll as a nonbilling provider. (5) An individual who is enrolled through a nonbilling provider agreement is exempt from the rules in WAC 182-502-0160 and may bill a client for health care services when: (a) The provider is not enrolled with a managed care organization (MCO) that has a contract with the agency under WAC 182-538-067; (b) The provider is not acting in their capacity as an ordering, prescribing, or referring provider of health care services for clients; and (c) The provider documents that the client was informed prior to the delivery of services that: (i) The provider is enrolled only for purposes of ordering, prescribing, or referring health care services for clients; and (ii) The client may be billed for the health c
2025-040 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program 93.767 COVID-19 Children’s Health Insurance Program 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.778 Grants to States for Medicaid 93.778 COVID-19 Grants to States for Medicaid Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2405WA5MAP; 2405WA5ADM; 2505WA5MAP; 2505WA5ADM; 2405WA5021; 2505WA5021 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions - Managed Care Financial Audit Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-074 Background The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and accounts for about half of the state’s federal expenditures. CHIP provides health coverage for more than 101,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2025, the Medicaid program spent more than $23.7 billion in federal and state funds and CHIP spent more than $303.7 million in federal and state funds. Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2025, the Authority contracted with five MCOs and paid them more than $9.5 billion for Medicaid and CHIP services. Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS). Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2024-074, 2023-073, 2022-054 and 2021-048. Description of Condition The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The Authority’s MCO contracts, which applied to the audited financial reports submitted during the audit period, allowed the option for MCOs to submit audited financial reports prepared in accordance with statutory accounting principles (SAP). This preparation method is not an acceptable accounting method under federal regulations. The Authority accepted audited financial reports in accordance with SAP from all five MCOs. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Authority officials said that MCOs were allowed to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements. The Authority implemented new MCO contract language in January 2025 requiring MCOs to submit audited financial reports in accordance with GAAP, but this requirement will only apply to reports submitted in future audit periods. Effect of Condition When it does not collect proper audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete financial information. Recommendation We recommend the Authority ensure MCO contracts require audits of financial statements that are conducted in accordance with GAAP and GAAS. Authority’s Response The Authority implemented new contract language in January 2025 requiring MCOs to submit audited financial reports in accordance with GAAP and GAAS. MCOs are required to submit the GAAP and GAAS statements beginning with the June 2026 submission. Auditor’s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 42 CFR Part 438, section 3, Standard Contract Requirements, states in part: (m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-041 The Health Care Authority improperly charged $5,634,756 to the Medicaid Program. Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.778 Grants to States for Medicaid 93.778 COVID-19 Grants to States for Medicaid Federal Grantor Name: U.S. Department of Health and Humans Services Federal Award/Contract Number: 2405WA5MAP; 2405WA5ADM; 2505WA5MAP; 2505WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $5,634,756 Prior Year Audit Finding: No Background Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and accounts for about half of the state’s federal expenditure. During fiscal year 2025, the program spent more than $23.7 billion in federal and state funds. The Health Care Authority pays for Ground Emergency Medical Transportation (GEMT) using procedure code A0999. Providers are required to use procedure code A0999 to receive GEMT supplemental payments and the procedure code is set to pay the federal share of the difference between the Medicaid payable amount and the established average cost per transport. These services are calculated by using the average cost per transport minus the Medicaid reimbursement for transportation and milage multiplied by the federal medical assistance percentage. This is automatically calculated in the states’ Medicaid Management Information System, ProviderOne. In fiscal year 2025, the state Medicaid program paid about $80.6 million to providers for GEMT services. Description of Condition The Authority improperly charged $5,634,576 to the Medicaid program. We found the Authority had adequate internal controls to ensure it materially complied with requirements to use Medicaid funds only for allowable activities. However, for the period of January 1, 2025, to April 24, 2025, we found the Authority used an incorrect methodology and made payments to providers for GEMT services at the incorrect amounts. The Authority identified and corrected the error on April 25, 2025, but did not correct any payments during the remainder of the audit period. During our review, we identified 5,592 claims which were overpaid for GEMT services using the incorrect methodology. Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the questioned costs exceed that threshold. This issue was not reported as a finding in the prior audit. Cause of Condition After a rate update, the ProviderOne system began paying at the amount the provider billed instead of using the proper methodology. The system error was corrected after the Authority detected the ProviderOne system was using the improper payment rate. Effect of Condition and Questioned Costs The federally funded improper portion of the payments to providers for GEMT services totaled $5,634,756. We are questioning these costs. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Authority: Ensure it uses the correct methodology to pay for GEMT services Consult with the federal grantor to discuss whether the questioned costs identified in the audit should be repaid Authority’s Response The Authority concurs there was an error that occurred during a system update that caused GEMT rates to pay incorrectly. The Authority identified the issue prior to the audit and is in the process of recouping the funds from providers. The funds will be returned during the one-year window allowed under 42 CFR 433.300. The Authority will add this issue to its regression testing scenarios to prevent this error from happening in the future and will work with the Centers for Medicare & Medicaid Services to confirm the funds were returned. Auditor’s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit. Applicable Laws and Regulations Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments. Title 45 CFR Part 75.2, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards establishes definitions for questioned costs. Part 75.410 establishes requirements for the collection of unallowable costs. Title 45 CFR Part 75, section 403, Uniform Guidance, establishes the factors affecting the allowability of costs. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
2025-042 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.778 Grants to States for Medicaid 93.778 COVID-19 Grants to States for Medicaid Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2405WA5MAP, 2405WA5ADM, 2505WA5MAP, 2505WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions - Utilization Control Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-081 Background Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and accounts for about half of the state’s federal expenditures. During fiscal year 2025, the program spent more than $23.7 billion in federal and state funds. Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that: Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments; Assesses the quality of those services; Provides for the control of the utilization of all services provided under the under plan; and Provides for the control of the utilization of inpatient services Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth and Families. The Centers for Medicare and Medicaid Services considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to: (1) Monitor the statewide utilization control program; (2) Take all necessary corrective action to ensure the effectiveness of the program; (3) Establish methods and procedures to implement this section; (4) Keep copies of these methods and procedures on file; and (5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program. Federal regulation also requires the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider services profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2024-081, 2023-082, 2022-061 and 2021-050. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements. We found that the Authority performs various types of program integrity and control utilization reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services. Furthermore, the federal grantor sustained the two prior audit findings for utilization control through issuances of management decision letters to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements. Effect of Condition By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments. Furthermore, the Authority did not meet federal program integrity requirements, and it could be subject to federal sanctions because it has not established a statewide surveillance and utilization program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan. Recommendations We recommend the Authority: Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services Implement and monitor a statewide surveillance and utilization control program Implement adequate internal controls to ensure they comply with utilization controls requirements Authority’s Response The Authority concurs with the finding and is committed to resolving the issues identified during the audit. The Authority is assessing its statewide surveillance and utilization control program. The results of this analysis will be used to determine any additional work or staffing required to fully comply with standards and align existing statewide workflows within the program. The analysis will also be used to finalize policies, procedures, and internal controls. Auditor’s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part: Section 456.1 Basis and purpose of part. (a) This part prescribes requirements concerning control of the utilization of Medicaid services including – (1) A statewide program of control of the utilization of all Medicaid services; … (b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part. (1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. … Section 456.2 State plan requirements. (a) A State plan must provide that the requirements of this part are met. (b) These requirements may be met by the agency by: (1) Assuming direct responsibility for assuring that the requirements of this part are met; or (2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. … Section 456.3 Statewide surveillance and utilization control program. The Medicaid agency must implement a statewide surveillance and utilization control program that – (a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments; (b) Assesses the quality of those services; (c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and (d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part. Section 456.4 Responsibility for monitoring the utilization control program. (a) The agency must – (1) Monitor the statewide utilization control program; (2) Take all necessary corrective action to ensure the effectiveness of the program; (3) Establish methods and procedures to implement this section; (4) Keep copies of these methods and procedures on file; and (5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program. Section 456.5 Evaluation criteria. The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D. Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part: Section 456.21 Scope. This subpart prescribes utilization control requirements applicable to all services provided under a State plan. Section 456.22 Sample basis evaluation of services. To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services. Section 456.23 Post-payment review process. The agency must have a post-payment review process that – (a) Allows State personnel to develop and review – (1) Beneficiary utilization profiles; (2) Provider service profiles; and (3) Exceptions criteria; and (b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-043 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited financial and statistical records for inpatient hospital services. Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.778 Grants to States for Medicaid 93.778 COVID-19 Grants to States for Medicaid Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2405WA5MAP, 2405WA5ADM, 2505WA5MAP, 2505WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-080 Background Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and accounts for about half of the state’s federal expenditures. In fiscal year 2025, the Medicaid program spent more than $23.7 billion in federal and state funds, including more than $339 million to hospitals for inpatient services. The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan. The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Beginning January 1, 2024, the plan was amended stating that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit the financial and statistical records of participating providers as needed. This should include the cost report data used for rate setting as well as hospital billings. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2024-080, 2023-081, 2022-060, 2021-051 and 2020-049. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited financial and statistical records for inpatient hospital services. During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit financial and statistical records, including cost report data used for rate setting and hospital billings, which federal law, state regulations and the state plan require. Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Authority did not establish policies and procedures to ensure it periodically audited the financial and statistical records, including cost report data and hospital billings, for inpatient hospital services. The Authority has received findings and recommendations over this requirement each year since 2020. Despite the Centers for Medicare and Medicaid Services reviewing and concurring with the finding results for all fiscal years, the Authority has responded that is does not concur with the finding, and therefore with the federal grantor, and has not implemented corrective actions to address the issues identified. Effect of Condition By not ensuring that it periodically audits financial and statistical records, including cost report data and hospital billings, the Authority increases its risk of improperly paying for inpatient hospital services. Recommendations We recommend the Authority: Establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements Document audit methodology in the state plan Authority’s Response The Authority does not concur with the finding and will continue to consult with the Centers for Medicare & Medicaid Services regarding resolution. Auditor’s Remarks The Center for Medicare and Medicaid Services has agreed with our prior findings in their previous management decisions on this issue. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of impatient hospitals are audited. We reaffirm our finding and will review the status of the Authority’s corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part: (a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart. (f) Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider. (g) Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers. (i) Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan. Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part: 3. Financial Audit Requirements The financial and statistical records of participating providers will be periodically reviewed and audited by the agency as necessary. Washington Administrative Code (WAC) Chapter 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services. WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part: (4)The medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to: a. The revenue codes assigned to specific cost centers on the medicaid cost report schedules. b. The inpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan. c. The outpatient charges by revenue codes for uninsured patients and medicaid clients enrolled in an MCO plan. d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and medicaid clients enrolled in an MCO plan. WAC 182-550-5700 Hospital reports and audits, states in part: (4) The agency will periodically audit the financial and statistical records of participating providers as needed. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-044 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.778 Grants to States for Medicaid 93.778 COVID-19 Grants to States for Medicaid Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2405WA5MAP; 2405WA5ADM; 2505WA5MAP; 2505WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions – Provider Health and Safety Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-076 Background Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and accounts for about half of the state’s federal expenditures. During fiscal year 2025, the program spent more than $23.7 billion in federal and state funds. The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency and is also responsible for investigating hospital complaints. The Department’s Office of Investigative and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys. Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and evidence their review by affixing a dated electronic stamp on the complaint document. The complaint is delivered to the Department’s Office of Health Systems Oversight and an electronic copy is uploaded to a secure drive. The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents. Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations. When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing. The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals. Priority levels and response times for non-deemed hospitals Priority levels Required response times Immediate Jeopardy Initiate onsite survey within two business days of receipt Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization Non-Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey Priority levels and response times for deemed hospitals Priority levels Required response times Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s) Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s) The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements. If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System to initiate an investigation. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding numbers were 2024-076 and 2023-076. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. Complaint intake and monitoring The complaint intake staff review the complaints as they receive them to ensure they meet required initial assessment timelines. Staff evidence their review of the complaint through a dated electronic stamp on the complaint document. We used a statistical sampling method and randomly selected and examined 58 complaints out of a total population of 1,792. We found that four complaints (6.9%) were not stamped with a date. In addition, the Department utilizes reports from the ILRS support team. The Operations Manager and Management analyst perform a monthly review with these reports to ensure the OILS unit met the initial assessment timeline. This monitoring control was new and was not in place for seven of the 12 months (58%) during our audit period. Complaint review timeline The Department received 1,792 hospital complaints during state fiscal year 2025. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 237 complaints (13%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 25 days. In addition, the Department did not review 230 complaints (13%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 55 days. Response time to federal level complaints The Department determined 72 complaints met the federal investigation complaint threshold during state fiscal year 2025. We evaluated 13 of the 72 complaints to ensure the priority level and response times for each complaint were within the required timelines. We found that the Department did not initiate one investigation within the required timeline for non-immediate jeopardy (with high prioritization) against a deemed facility (8%). The investigation was initiated 50 days after it was authorized for investigation by CMS, five days later than the 45 days allowed. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department experienced staffing shortages for a significant period, which contributed to its failure to comply with the 21-day basic assessment period. The Department also asserted that the ILRS system was not configured to accurately capture the dates of when program staff reviewed complaints for imminent danger until August 2024 and monitoring of performance measures were not developed until February 2025. Effect of Condition When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility. Recommendation We recommend the Department strengthen internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the CMS State Operations Manual require. We also recommend staff communicate potential delays on investigations promptly to CMS to ensure response to federal complaints are initiated in accordance with required timelines. Department’s Response We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs with the findings. The Department asserts that it now has adequate internal controls in place for timely review of hospital complaints and has developed performance measures which are actively monitored on a monthly basis to assess compliance with federal requirements. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states: Initial assessment of reports. 1.Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete. 2. The basic time period for initial assessment is twenty-one days. 3.All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing. The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part: Section 5010 –General Intake Process A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients. Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice…. For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on-site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMTALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation. … CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation…. Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents Intake Prioritization Provider Type Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt. Immediate Jeopardy (IJ) SA must initiate an onsite survey within 2 business days of receipt of RO authorization. Non-IJ High SA must initiate an onsite survey within 45 calendar days of prioritization. Non-IJ Medium SA must investigate no later than when the next onsite survey occurs. Non-IJ Low SA must track/trend for potential focus areas during the next onsite survey. Provider Type Deemed providers/suppliers Immediate Jeopardy (IJ) SA must initiate an onsite survey within 2 business days of receipt of RO authorization. Non-IJ High SA must initiate an onsite survey within 45 calendar days of receipt of RO authorization. Non-IJ Medium Complainant is referred to the applicable accrediting organization(s). Non-IJ Low Complainant is referred to the applicable accrediting organization(s). Provider Type EMTALA Immediate Jeopardy (IJ) SA must initiate an onsite survey within 2 business days of receipt of RO authorization. Non-IJ High SA must initiate an onsite survey within 45 calendar days of receipt of RO authorization. Non-IJ Medium N/A Non-IJ Low N/A
2025-045 The Department of Health did not have adequate internal controls to ensure it complied with transplant hospital survey statement of deficiencies and plan of corrections timelines. Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.778 Grants to States for Medicaid 93.778 COVID-19 Grants to States for Medicaid Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: 2405WA5MAP; 2405WA5ADM; 2505WA5MAP; 2505WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Known Questioned Cost Amount: None Prior Year Audit Finding: No Background Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and accounts for about half of the state’s federal expenditures. During fiscal year 2025, the program spent more than $23.7 billion in federal and state funds. The Department must perform a federal certification survey of each transplant hospital at least every five years. The certification survey gathers information about the quality of service provided in a facility to determine compliance with participation requirements. The survey process also focuses on the transplant hospital’s performance of patient-focused and organizational functions and processes. Furthermore, the survey assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services. The State must complete a standard survey of each transplant hospital within five years following the previous survey. All hospital surveyors should have the necessary training and experience to conduct a hospital survey. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. After the facility submits a POC, the Department determines the appropriateness of the POC. If the facility fails to submit a POC, the provider agreement may be terminated. Federal regulations require recipients to establish, document and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls to ensure it complied with transplant hospital survey SOD and POC timelines. The Department is currently responsible for surveying 23 hospitals in the state, five of which are transplant hospitals (22%). The Department tracks the mailing of SODs and receipt of POCs for non-transplant facilities through the Department’s Integrated Licensing and Regulatory System (ILRS). Management and the surveyors use ILRS to monitor critical stages of the survey including the mailing of the SODs and when the POCs are received from the facilities. However, we determined the Department does not follow the same process for transplant hospitals. The survey lead for transplant hospitals creates a Microsoft Outlook calendar notification indicating when the POC is due from the facility. However, these reminders are not monitored and delays may occur without management’s awareness. We also found that the Department does not monitor SODs to ensure they are communicated to transplant hospitals within the required timelines. We consider these internal control deficiencies to be a material weakness, which did not lead to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition When designing internal controls, Department management did not implement adequate tracking for surveys conducted for transplant hospitals. Effect of Condition Without ensuring that SODs and POCs are communicated and received on time, the state is at risk of delaying implementation of corrective actions by noncompliant facilities providing Medicaid services. In addition, clients receiving care could be at increased risk of abuse, mistreatment, neglect or substandard care. Recommendation We recommend the Department establish adequate internal controls to ensure compliance with SOD and POC on-time requirements. Department’s Response We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. DOH is committed to ensuring our programs comply with federal regulations and concurs with the finding. Prior to the commencement of this audit, DOH has developed and implemented a management tracker that actively monitors transplant hospitals SODs issuance and POCs due dates. The Department asserts that it now has adequate internal controls in place. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 42 CFR. Part 488, Survey Certification, and Enforcement Procedures section 28 - Providers or suppliers, other than SNFs, NFs, HHAs, and Hospice programs with deficiencies states in part: a.If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance. b.The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients nor are of such character as to seriously limit the provider's capacity to render adequate care. c. 1.If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance. 2.The amount of time depends upon the— (i)Nature of the deficiency; and (ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care. d.Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding. The Center for Medicare and Medicaid Services, State Operations Manual Chapter 5, Appendix A – Survey Protocol, Regulations and Interpretive Guidelines for Hospitals, states in part: Closure Explain that a statement of deficiencies (Form CMS-2567) will be mailed within 10 working days to the hospital. Explain that the Form CMS-2567 is the document disclosed to the public about the facility’s deficiencies and what is being done to remedy them. The Form CMS2567 is made public no later than 90 calendar days following completion of the survey. It documents specific deficiencies cited, the facility’s plans for correction and timeframes, and it provides an opportunity for the facility to refute survey findings and furnish documentation that requirements are met. Inform the facility that a written plan of correction must be submitted to the survey agency within 10 calendar days following receipt of the written statement of deficiencies.
2025-046 The Department of Social and Health Services, Home and Community Living Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes. Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.778 Grants to States for Medicaid 93.778 COVID-19 Grants to States for Medicaid Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2405WA5MAP; 2405WA5ADM; 2505WA5MAP; 2505WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-079 Background Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and accounts for about half of the state’s federal expenditures. During fiscal year 2025, the program spent more than $23.7 billion in federal and state funds and had 195 Medicaid certified nursing homes. Residential Care Services (RCS), under the Department of Social and Health Services, Home and Community Living Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board, and laundry to people who receive care and services under Medicaid. The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services. The standard survey involves eight procedural steps that must be completed, as well as a review of nursing home employee background checks, to adequately assess each nursing home facility’s compliance with these standards. The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within five working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2024-079, 2023-079 and 2020-054. Description of Condition The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes. The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility. We found the Department did not ensure that all recertification surveys were completed timely. The Department did not adequately monitor the tracking sheet and complete surveys for 15 nursing homes in fiscal year 2025 within the required 15.9 months and did not meet the 12.9-month statewide average. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2025, the statewide average for nursing home surveys was 25.39 months. Additionally, we noted that two out of 21 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department. We also noted that two out of 21 surveys conducted during the fiscal year did not complete all the required survey procedures, including one survey that did not include the necessary review of employee background checks. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys, which extended the survey timelines. In addition, management did not adequately monitor its survey schedules to ensure compliance in meeting the survey timeline or the survey process to ensure all surveys were completed. Effect of Condition Without conducting recertification surveys timely and completely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care. By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor. Recommendations We recommend the Department: Establish adequate internal controls to ensure compliance with facility survey completion and timeliness requirements Conduct a follow-up on any surveys missing the required procedures and employee background check reviews Ensure it completes recertification surveys within 15.9 months for each nursing home and meets the 12.9-month statewide average Department’s Response The Department partially agrees with the finding. The Department’s internal controls are adequate to ensure compliance with facility survey completion and timeliness of requirements. Due to the COVID pandemic there was a Public Health Exemption (PHE) that prevented the Department from completing surveys on the normal timeline. Once the PHE was lifted, the Department worked quickly to meet the backlog demand. Multiple states, including Washington, voiced concern to CMS that statistically it would be impossible to meet the 12.9 month average immediately, and movement of the bell curve would take multiple years. CMS agreed with the states’ position and in FFY24 they removed the 12.9 data point from the State Performance measurement report. According to the Nov. 2025 State Performance measurement FY25 report, Washington State had improved and the Department is now at 12.9 months, which is better than the CMS reported national average of 14.3 months. In 2024, the CMS State Performance measurement for the FY24 report reflected that the Department was at 80.3% and “partially met” threshold for the 15.9 month recertification standard (CMS requires a corrective action plan for 70% or lower, therefore the Department was not required to submit a corrective action plan to CMS). In FY25, the Department was at 93.2% demonstrating consistent improvement and that the Department’s process for regularly meeting and reviewing the data with our teams resulted in a steady decrease in the average intervals. The Department will continue to use recertification reports, tracking sheets, and monthly meetings to ensure compliance with recertification timelines. The Department will be in compliance with the 15.9 recertification standards by August 31, 2026. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 42 U.S. Code of Federal Regulations (CFR) Subchapter G Standards and Certification, Part 488 section 110, Procedural Guidelines states in part: SNF/ICF Survey Process. The purpose for implementing a new SNF/ICF survey process is to assess whether the quality of care, as intended by the law and regulations, and as needed by the resident, is actually being provided in nursing homes. Although the onsite review procedures have been changed, facilities must continue to meet all applicable Conditions/Standards, in order to participate in Medicare/Medicaid programs. That is, the methods used to compile information about compliance with law and regulations are changed; the law and regulations themselves are not changed. The new process differs from the traditional process, principally in terms of its emphasis on resident outcomes. In ascertaining whether residents grooming and personal hygiene needs are met, for example, surveyors will no longer routinely evaluate a facility's written policies and procedures. Instead, surveyors will observe residents in order to make that determination. In addition, surveyors will confirm, through interviews with residents and staff, that such needs are indeed met on a regular basis. In most reviews, then, surveyors will ascertain whether the facility is actually providing the required and needed care and services, rather than whether the facility is capable of providing the care and services. Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part: Section 488.308 Survey frequency. (a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey. (b) Statewide average interval. (1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section. (2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320. (d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey. Title 45 CFR Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part: 2138G – Schedule for Recertification The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141) 2728 – Statement of Deficiencies and Plan of Correction, Form-2567 The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B. The Department of Social and Health Services, Residential Care Services Division Standard Operating Procedure: Chapter 18G Electronic Plan of Correction (ePOC) - NH, states in part: Purpose When an entity has received a citation, they must provide RCS with an ePOC within 10 calendar days of receiving the SOD from RCS. The ePOC must include the date each deficiency has been or will be corrected. Correction dates must not exceed 45 calendar days from the exit date, unless approved by the FM. The 45-calendar day count begins with the next full day after exit. Procedure ePOC Notification 1. The regulator will: a. Inform the entity prior to exit that a SOD report will be issued within 10 WDs of exit date, through the ePOC system. b. Inform the entity prior to exit that the POC must be completed for each cited deficiency in the SOD and returned to the department through the ePOC system within 10 calendar days of receiving the SOD report. c. When necessary to protect resident health, safety, or welfare, the regulator may request a written safety plan submitted by the entity before exiting. Review of ePOC 1. The regulator will: a. Review the ePOC within five WDs of receipt (or request the FM review if the regulator will not be available). Confirm the ePOC for each deficiency includes: 1) How the entity will correct the deficiency for each numbered resident. 2) How the entity will protect residents from similar situations. 3) Measures the entity will take or the systems it will change to ensure that the problem does not recur. 4) How the entity plans to monitor its ongoing performance to sustain compliance. 5) Dates corrective action will be completed; and 6) Title of person responsible for correction. b. If the ePOC does meet the required elements listed above, notify the FM and Unit AA3 that the ePOC is accepted and save the survey packet to the shared drive. c. If the ePOC does not meet the required elements listed above, review the missing elements with the FM to determine if the FM agrees that the ePOC does not meet the required elements. Document the reason for the rejection in ePOC for each deficiency cited and that the entity was contacted out of courtesy to ensure open communication. This should also be documented on the POC form or the CMS 807 as part of the revisit working papers. ePOC Not Received 1. If the ePOC is not received by the 10th calendar day (or next WD if the 10th calendar day falls on a weekend or holiday): a. the ePOC system will email the administrator and remind them to submit the documentation to the department. The system will continue to send daily reminders to both the entity and the FM until the ePOC is complete. b. If the administrator does not respond to the first email reminder within one working day, the unit AA3 will: 1) Call the administrator on the next WD and remind them to submit the ePOC within the next 24 hours. 2) Document the date and time of the call. c. If the ePOC is still not received by the 15th calendar day following the exit date, the FM will: 1) Determine if an unannounced on-site revisit needs to be conducted. 2) Call or meet with the NH to: a) Review the department’s concerns related to the NH’s failure to submit an ePOC that meets the required elements; and b) Obtain the ePOC. d. If the NH is unable or unwilling to comply with ePOC requirements, initiate a recommendation for enforcement remedy through the Enforcement page in STARS. Washington Administrative Code (WAC) 388-97-1800 Criminal history disclosure and background inquiries states in part: (1) As used in this section, the term "nursing home" includes a nursing facility and a skilled nursing facility. (2) The nursing home must: (a) Have a valid criminal history background check for any individual employed, directly or by contract, or any individual accepted as a volunteer or student who may have unsupervised access to any resident; and (b) Repeat the check every two years.
2025-047 The Department of Social and Health Services, Home and Community Living Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities. Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.778 Grants to States for Medicaid 93.778 COVID-19 Grants to States for Medicaid Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2405WA5MAP; 2405WA5ADM; 2505WA5MAP; 2505WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-078 Background Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and accounts for about half of the state’s federal expenditures. During fiscal year 2025, the program spent more than $23.7 billion in federal and state funds and had three Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) that were Medicaid certified. Residential Care Services (RCS), under the Department of Social and Health Services, Home and Community Living Administration, is the State’s ICF/IID survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid. The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services. The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months, as required by Centers for Medicare and Medicaid Services. All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2024-078, 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046. Description of Condition The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities. The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines. We found the Department did not ensure that all recertification surveys were completed timely. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9-month statewide average. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2025, the statewide average for the three surveys was 13.5 months. Additionally, we noted that one of the three surveys reviewed during the fiscal year contained POCs that were reviewed 53 days after receipt, considerably after the five-day period required by the Department. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog, there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state. In addition, management did not adequately monitor its survey schedules to ensure compliance in meeting the survey timelines. Effect of Condition Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care. By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor. Recommendations We recommend the Department: Establish adequate internal controls to ensure compliance with facility survey timeliness requirements Ensure it completes recertification surveys within 15.9 months and within the 12.9-month statewide average Department’s Response The Department partially agrees with the finding. The Department’s internal controls are adequate to ensure compliance with facility survey completion and timeliness of requirements. Due to the COVID pandemic, there was a Public Health Exemption (PHE) that prevented the Department from completing surveys on the normal timeline. Once the PHE was lifted, the Department worked quickly to meet the backlog demand in addition to the complaint investigations that the ICF-IID team were responsible for. Multiple states, including Washington, voiced concern to CMS that statistically it would be impossible to meet the 12.9 month average immediately, and movement of the bell curve would take multiple years. CMS agreed with the states’ position and in FFY24 they removed the 12.9 data point from the State Performance measurement report. In FY24, the auditor’s report stated the statewide survey interval average was 22.1. The FY25 SAO audit showed the statewide survey interval average of 13.5, which is an 8.6-month improvement in the survey interval proving that the current internal controls are working effectively. The Department will continue to use the current tracking system, reports and monthly meetings to ensure survey timelines requirements are met by August 31, 2026. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part: Section 442.109 – Certification period for ICF/IIDs: General Provisions (a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey. (b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section. (c) The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent survey for each participating facility to the last day of each facility's previous survey. Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part: Section 488.28 – Providers or suppliers, other than SNFs, NFs, HHAs, and Hospice programs with deficiencies (a) If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance. (b) The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients nor are of such character as to seriously limit the provider's capacity to render adequate care. (c) (1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance. (2) The amount of time depends upon the - (i) Nature of the deficiency; and (ii) State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care. (d) Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding. Section 488.110, Procedural Guidelines states in part: SNF/ICF Survey Process. The purpose for implementing a new SNF/ICF survey process is to assess whether the quality of care, as intended by the law and regulations, and as needed by the resident, is actually being provided in nursing homes. Although the onsite review procedures have been changed, facilities must continue to meet all applicable Conditions/Standards, in order to participate in Medicare/Medicaid programs. That is, the methods used to compile information about compliance with law and regulations are changed; the law and regulations themselves are not changed. The new process differs from the traditional process, principally in terms of its emphasis on resident outcomes. In ascertaining whether residents grooming and personal hygiene needs are met, for example, surveyors will no longer routinely evaluate a facility's written policies and procedures. Instead, surveyors will observe residents in order to make that determination. In addition, surveyors will confirm, through interviews with residents and staff, that such needs are indeed met on a regular basis. In most reviews, then, surveyors will ascertain whether the facility is actually providing the required and needed care and services, rather than whether the facility is capable of providing the care and services. Title 45 U.S. Code of Federal Regulations(CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part: 2138G – Schedule for Recertification (Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13) The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141). 2141 – Recertification – ICFs/IID (Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13) · The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111. · Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months. · If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction. · An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days. ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes. The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Chapter 18H – Plan of Correction (POC) – ICF/IID states in part: Purpose When an entity has received a citation, they must provide RCS with a POC and/or Credible Allegation of Compliance (CA) within 10 calendar days of receiving the SOD from RCS. The POC and/or CA must include the date each deficiency has been or will be corrected. Correction dates must not exceed 45 calendar days from the exit date, unless approved by the FM. The 45-calendar day count begins with the next full day after exit. Procedure POC Notification 1. The regulator will: a. Inform the entity prior to exit that a SOD report will be issued within 10 WDs of exit date. b. Inform the entity prior to exit that the POC must be completed for each cited deficiency in the SOD and returned to the department within 10 calendar days of receiving the SOD report. c. When necessary to protect resident health, safety, or welfare, the regulator may request a written safety plan submitted by the entity before exiting. Review of POC 1. The regulator will: a. Review the POC within five WDs of receipt (or request the FM review if the regulator will not be available). Confirm the POC for each deficiency includes: 1) How the entity will correct the deficiency for each numbered resident. 2) How the entity will protect residents from similar situations. 3) Measures the entity will take or the systems it will change to ensure that the problem does not recur. 4) How the entity plans to monitor its ongoing performance to sustain compliance. 5) Dates corrective action will be completed; and 6) Title of person responsible for correction. b. If the POC does meet the required elements listed above, notify the FM and Unit AA3 that the POC is accepted and save the survey packet to the shared drive. c. If the POC does not meet the required elements listed above, review the missing elements with the FM to determine if the FM agrees that the POC does not meet the required elements. Document the reason for the rejection in POC for each deficiency cited and that the entity was contacted out of courtesy to ensure open communication. This should also be documented on Attachment V as part of the revisit working papers. POC Not Received 1. If the POC is not received by the 10th calendar day (or next WD if the 10th calendar day falls on a weekend or holiday): a. The Unit AA3 will email the administrator on the next WD and remind them to submit the POC within the next 24 hours. b. Document the date and time of the call on the electronic tracking sheet. c. If the POC is still not received by the 15th calendar day following the exit date, the FM will: 1) Determine if an unannounced on-site revisit needs to be conducted. 2) Call or meet with the ICF/IID to: a) Review the department’s concerns related to the ICF/IID’s failure to submit an POC that meets the required elements; and b) Obtain the POC. d. If the ICF/IID is unable or unwilling to comply with POC requirements, initiate a recommendation for enforcement remedy by following all steps contained in SOP Chapter 7 - Enforcement.
2025-048 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit. Assistance Listing Number and Title: 93.775 – State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.778 Grants to States for Medicaid 93.778 COVID-19 Grants to States for Medicaid Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2405WA5MAP; 2405WA5ADM; 2505WA5MAP; 2505WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions - Medicaid Fraud Control Unit Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2024-077 Background Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and accounts for about half of the state’s federal expenditures. During fiscal year 2025, the program spent more than $23.7 billion in federal and state funds. States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings. States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud. Case managers and field staff at the Department of Social and Health Services, as well as its contractor, Consumer Direct Care Network Washington (CDWA), who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. Before March 2025, if the allegation was credible, and the fraud had a potential loss of $1,000 or more, the Department would refer the case to MFCU. During that time, the Department and CDWA worked together to offer provider education and billing standards training. Fraud allegations less than $1,000 were reviewed and tracked to ensure that any repeat allegations could be compiled to show a pattern of possible fraudulent behaviors. Starting in March 2025, the Department changed its practice to refer all credible allegations, regardless of the monetary value of the allegation. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU. The prior finding number was 2024-077. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU. To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received. For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 55 out of a total population of 468 allegations. We determined ALTSA did not properly refer 17 (31%) credible allegations of fraud to MFCU. For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 16 out of a total population of 116 allegations. We determined DDA did not properly refer two (13%) credible allegations of fraud to MFCU. We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 was not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss. We consider these internal control deficiencies to be a material weakness which led to material noncompliance. Cause of Condition Department management asserted in fiscal year 2024 that they believed MFCU only wanted them to refer allegations with a monetary value more than $10,000. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more. During fiscal year 2025, in response to our audit recommendations, the Department changed the way it referred allegations. During fiscal year 2025, the Department changed its policy to refer all credible allegations, regardless of the monetary value of the allegation. Because this practice did not begin until March of 2025, there were still some cases that the Department did not refer to MFCU that it should have. Effect of Condition Because the Department used a monetary threshold for a majority of the audit period, it did not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation. The State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers. Recommendation We recommend the Department continue to refer all credible allegations of fraud to MFCU. Department’s Response The Department concurs with the finding. The Department addressed the Fiscal Year 2024 Medicaid Fraud Control Unit (MFCU) audit finding by implementing enhanced internal controls to ensure that all fraud referrals, regardless of dollar amount, are submitted to MFCU. The corrective action plan associated with the 2024 finding was completed in April 2025. The 17 credible allegations identified within Aging Long-Term Services Administration, and the two identified within Developmental Disabilities Administration occurred prior to April 2025, preceding both the process improvement and the completion of the 2024 corrective action plan. All 19 credible allegations were under $1,000 and while those may not have been referred to MFCU, Consumer Direct Care Network Washington (CDWA) did provide provider education and ensured all funds were returned to Centers for Medicare and Medicaid Services. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part: (a). The agency must (1) Refer all cases of suspected provider fraud to the unit; The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2025-049 The Health Care Authority did not have adequate internal controls over and did not comply with Recovery Audit Contractor requirements for the Medicaid program. Assistance Listing Number and Title: 93.775 – State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.778 Grants to States for Medicaid 93.778 COVID-19 Grants to States for Medicaid Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2405WA5MAP; 2405WA5ADM; 2505WA5MAP; 2505WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions - Medicaid Recovery Audit Contractors (RACs) Known Questioned Cost Amount: None Prior Year Audit Finding: No Background Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and accounts for about half of the state’s federal expenditures. During fiscal year 2025, the program spent more than $23.7 billion in federal and state funds. The Medicaid Recovery Audit Contractor (RAC) program was established under Section 1902(a)(42)(B)(i) of the Social Security Act (42 U.S.C. Section 1396a) and 42 CFR section 455, Subpart F. The program requires states to contract with one or more RACs to identify Medicaid underpayments and overpayments, and to recover overpayments made under the state plan or any waiver. States must also report recoveries on the CMS-64 report, ensure RACs coordinate with other auditing entities, refer suspected fraud or abuse to the Medicaid Fraud Control Unit (MFCU) or law enforcement and set limits on the number and frequency of medical records to be reviewed by the RACs. In Washington, the Health Care Authority (HCA) is the designated state Medicaid agency responsible for implementing RAC requirements. Washington previously operated under a State Plan Amendment (SPA 22-0030) approved by the Centers for Medicare and Medicaid Services (CMS), which waived RAC requirements through September 30, 2024. After the waiver expired, the requirement to establish and operate a RAC program became fully effective beginning October 1, 2024. Approximately ninety percent of Washington’s Medicaid population are enrolled in managed care, which provides health services through distribution of a per member per month capitation payment. The remaining services are furnished under and made through the fee-for-service (FFS) payment model. States may exclude Medicaid managed care claims from review by Medicaid RACs. The Authority submitted SPA 25-0021 in July 2025 to begin establishment of a RAC program, effective September 2025, to review claims submitted by providers of items and services, and other coverage codes for which payment has been made from FFS funds and to identify underpayments and overpayments on behalf of the State. Federal regulations require recipients to establish and maintain effective internal controls that ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with RAC requirements for the Medicaid program. During the audit period, the Authority did not execute a RAC contract or begin implementing the RAC program. The Authority did begin contract negotiations and filed SPAs to establish a RAC program effective September 2025; however, the Authority did not comply with federal requirements for the Medicaid RAC during the audit period. Because the Authority did not contract with a Medicaid RAC, we found it did not meet the following requirements of the RAC program: · Perform claims reviews, overpayment recoveries and underpayment identifications; as such, it excluded RAC activities from the CMS-64 report. · Develop policies, procedures and internal controls to support RAC compliance requirements, such as setting limits on medical record requests, conducting provider outreach, coordinating recovery efforts with other auditing entities, and making fraud referrals. We consider these internal control deficiencies to be a material weakness that led to material noncompliance. We did not report this issue as a finding in the prior audit. Cause of Condition The Authority did not complete the procurement process before SPA 22-0030 expired. Negotiations with a potential successful bidder continued through the audit period, delaying implementation beyond the fiscal year end. Effect of Condition Without implementing a RAC program, the state cannot ensure improper FFS Medicaid payments are identified and recovered under the program. This increases the risk that: Federal and state Medicaid funds are not safeguarded, since overpayments remain undetected and uncollected Underpayments to providers go unaddressed, which can affect provider participation and program integrity Fraud, waste and abuse are not referred to the appropriate authorities, weakening oversight and enforcement efforts The Authority would not meet CMS oversight expectations, as it did not report required RAC activities and recoveries on the CMS-64 report Recommendation We recommend the Authority establish internal controls over and complete implementation of the RAC program, including the development and execution of RAC-specific policies, conducting claims reviews and recoveries, establishment of fraud referral procedures, and ensuring compliance with CMS-64 reporting requirements. Authority’s Response The Authority partially concurs with the finding. It agrees it did not have a RAC contract in place during the fiscal year under review but expects to have the contract in place by October 2025. However, it does not concur with the auditor’s recommendation. The work of a RAC contractor is one of many tools used by the Authority to identify and report fraud, waste, and abuse and is meant to supplement the Authority’s Program Integrity work. The Authority has policies and procedures in place over claim reviews and recoveries, fraud referral procedures, and CMS reporting requirements, and will simply add the results of the RAC contractor reviews into its current workflow. Auditor’s Remarks The Authority states that additional program integrity work is performed to address similar objectives as the RAC. However, the compliance area that this finding addresses only includes activities performed as part of the RAC program. The additional activities the Authority refers to are not within the scope of this special test and are instead examined under other compliance areas. As such, we reaffirm our finding and will review the status of the Authority’s corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Social Security Act §1902(a)(42)(B)(i) (42 U.S.C. §1396a), Requires states to establish programs to contract with Medicaid RACs to identify and recover overpayments and identify underpayments. Title 42 CFR part 455 section 502, Establishment of Program, states: (a) The Medicaid Recovery Audit Contractor program (Medicaid RAC program) is established as a measure for States to promote the integrity of the Medicaid program. (b) States must enter into contracts, consistent with State law and in accordance with this section, with one or more eligible Medicaid RACs to carry out the activities described in § 455.506 of this subpart. (c) States must comply with reporting requirements describing the effectiveness of their Medicaid RAC programs as specified by CMS. Section 506, Activities to be conducted by Medicaid RACs and States (a) Medicaid RACs will review claims submitted by providers of items and services or other individuals furnishing items and services for which payment has been made under section 1902(a) of the Act or under any waiver of the State Plan to identify underpayments and overpayments and recoup overpayments for the States. (1) States may exclude Medicaid managed care claims from review by Medicaid RACs. (b) States may coordinate with Medicaid RACs regarding the recoupment of overpayments. (c) States must coordinate the recovery audit efforts of their RACs with other auditing entities. (d) States must make referrals of suspected fraud and/or abuse, as defined in 42 CFR 455.2, to the MFCU or other appropriate law enforcement agency. (e) States must set limits on the number and frequency of medical records to be reviewed by the RACs, subject to requests for exception from RACs to States. Section 508, Eligibility requirements for Medicaid RACs An entity that wishes to perform the functions of a Medicaid RAC must enter into a contract with a State to carry out any of the activities described in § 455.506 under the following conditions: (a) The entity must demonstrate to a State that it has the technical capability to carry out the activities described in § 455.506 of this subpart. Evaluation of technical capability must include the employment of trained medical professionals, as defined by the State, who are in good standing with the relevant State licensing authorities, where applicable, to review Medicaid claims. (b) The entity must hire a minimum of 1.0 FTE Contractor Medical Director who is a Doctor of Medicine or Doctor of Osteopathy in good standing with the relevant State licensing authorities and has relevant work and educational experience. A State may seek to be excepted, in accordance with § 455.516, from requiring its RAC to hire a minimum of 1.0 FTE Contractor Medical Director by submitting to CMS a written request for CMS review and approval. (c) The entity must hire certified coders unless the State determines that certified coders are not required for the effective review of Medicaid claims. (d) The entity must work with the State to develop an education and outreach program, which includes notification to providers of audit policies and protocols. (e) The entity must provide minimum customer service measures including: (1) Providing a toll-free customer service telephone number in all correspondence sent to providers and staffing the toll-free number during normal business hours from 8:00 a.m. to 4:30 p.m. in the applicable time zone. (2) Compiling and maintaining provider approved addresses and points of contact. (3) Mandatory acceptance of provider submissions of electronic medical records on CD/DVD or via facsimile at the providers' request. (4) Notifying providers of overpayment findings within 60 calendar days. (f) The entity must not review claims that are older than 3 years from the date of the claim, unless it receives approval from the State. (g) The entity should not audit claims that have already been audited or that are currently being audited by another entity. (h) The entity must refer suspected cases of fraud and/or abuse to the State in a timely manner, as defined by the State. (i) The entity meets other requirements as the State may require. Section 516, Exceptions from Medicaid RAC programs A State may seek to be excepted from some or all Medicaid RAC contracting requirements by submitting to CMS a written justification for the request for CMS review and approval through the State Plan amendment process.