Corrective Action Plans

Views of Responsible Officials and Planned Corrective Action Management agrees with the recommendation. Quivira Coalition will: Action Step Detail Date Responsible Party Update its subrecipient and contractor agreement templates to include information outlined in 2 CFR § 200.332, including more specific federal award identification. 10/31/25 Operations Director Add a clause to the subrecipient and contractor agreement templates to include a requirement to report any significant developments to Quivira Coalition. 10/31/25 Operations Director Build a procedure for evaluating a subrecipient’s fraud risk and risk of non-compliance with the federal awards (as outlined in 2 CFR § 200.332 (c)) during the grant application phase or before engaging in agreements & work with subrecipient. It will continue to follow-up annually with the recipients on fraud risk and risk of non-compliance until the end of the federal award period. 10/31/25 Operations Director; CRI Director & Grants Manager Monitor sub-recipients as required by 2 CFR 200.332(e) 1/31/2026 Operations Director If a subrecipient has significant development during the course of monitoring, institute a tailored monitoring plan as outlined in 2 CFR § 200.332 (e) & (f) and resolve any findings listed as its responsibility under 2 CFR § 200.332 (e). 10/31/25 Operations Director; CRI Director & Grants Manager

Ref. No. 2024-001: Missing Signatures Recommendation: The Company should consider reevaluating their established procedures and controls currently in place to ensure full compliance with regard to eligibility and proper maintenance of tenant information, including policies for handling missing files during management transitions to ensure compliance with HUD requirements. Action Taken: The Company will start randomly testing a small sample of tenant files, as part of our quarterly site inspection. Additionally, Kay-Kay Realty, a third-party vendor is already engaged to review tenant move-in and recertification files, but the prior resident manager was selecting the files to review. We will now ask Kay-Kay Realty to randomly select tenant files for their review process. Contact person: Patrick Delaney; (808) 523-5681, ext. 693 Anticipated Completion Date: October 1, 2025

Corrective Action: The risk assessment template and list of subaward terms to be downloaded. A new subaward agreement template to be developed which encompasses all aspects of 200.332(b). Contact Persons: Laurie Olson, Controller and Kevin Osborn, Interim Executive Director Implementation Timeline: The risk assessment template and subaward terms were downloaded and distributed to key stakeholders on Friday, September 19, 2025. A new subaward agreement template will be created in a multi-department collaboration and is due to be completed by December 31, 2025.

The Organization recognizes that subrecipient agreements must include all elements required by 2 CFR 200.332(b)(1). To address this, management will update the standard subrecipient agreement template to incorporate each required element and will adopt a checklist to be used during the agreement drafting and review process to ensure completeness. Staff responsible for preparing and executing subrecipient agreements will receive training on Uniform Guidance requirements. These steps will ensure that all subrecipient agreements fully comply with Federal regulations going forward.

Finding number 2024-005, material weakness in internal controls over compliance – subrecipient monitoring. Recommendation: We recommend that management implement procedures to ensure that all subrecipient agreements include the information required by 2 CFR 200.322. This should include a standardized checklist or template for subaward agreements and periodic reviews to verify compliance. We further recommend the entity implement and document procedures to (1) perform and retain evidence of subrecipient risk assessments, and (2) verify and document whether sub-recipients are subject to the Since Audit and, if so, obtain and review the audit reports for findings related to the federal program. Explanation of Disagreement with Audit Finding: There is no disagreement with the audit finding. Action planned in response to the finding: KRJC will develop a standardized checklist for all subaward agreements and will conduct semi-annual reviews to verify compliance with that checklist. As part of this updated review, KRJC will perform updated risk assessments with all sub-awardees and will retain evidence of those risk assessments in sub-awardee files. KRJC will also verify and document whether sub-recipients are subject to the single audit, and, if so, obtain and review the audit reports for findings related to the federal program. KRJC will ensure that any existing sub-awardees are reviewed for compliance no later than November 1, 2025. Planned completion date for corrective action plan: November 1, 2025.

Management agrees with the finding. The Organization hired a new Executive Director in the fall of 2024 and has discussed the matter with the Department of Agriculture and legal counsel to ensure compliance requirements are followed.

Finding 2024-001 Audit Finding: In accordance with 2 CFR § 200.332(a) of the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), pass-through entities are required to “clearly identify to the subrecipient” certain information and requirements at the time of subaward, including the Federal award identification, all compliance requirements, and any additional terms and conditions imposed by the pass-through entity. The Town did not execute a formal subrecipient agreement with Fishers Island Ferry District, to whom federal funds were passed through during the audit period. Specifically, no written agreement was in place outlining the subrecipient’s responsibilities, applicable compliance requirements, or the terms and conditions of the award. Recommendation: We recommend that the Town develop and implement procedures to ensure that formal written subrecipient agreements are executed prior to the disbursement of federal funds. These agreements should contain all elements required by 2 CFR § 200.332(a), including the identification of the federal award, applicable compliance requirements, and any additional terms and conditions. Corrective Action Plan: In coordination with the Supervisor’s office, Town Attorney’s office, and Comptroller’s office, formal subrecipient agreements will be prepared and executed, with adoption of Town Board resolutions, between the Town of Southold and pass-through entities concurrently as Federal grant contracts are awarded, as applicable. Responsible Individual: Albert J. Krupski Jr., Town Supervisor Paul DeChance, Town Attorney Michelle Nickonovitz, Town Comptroller Planned Date of Implementation: Corrective action plan procedures have already been communicated and implemented to ensure that formal written subrecipient agreements with pass-through entities are executed prior to the disbursement of federal funds.

Finding 2024-003 - Subrecipient Monitoring Contact Person Responsible for Corrective Action: Danny Yost Contact Phone Number: 812-285-6221 Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: The County will obtain all subrecipient audit reports and formally document their review of each subrecipient's audit report. Anticipated Completion Date: October 2025

Finding summary: an internal control deficiency affecting the accuracy of the Schedule of Expenditures of Federal Awards (SEFA) Responsible department: Finance and PPACG Contact person: Finance Corrective action plan: As of 2025 SEFA internally will be prepared by Grant coordinator and review by Finance. Envida will ensure that all appropriate ALNs and Federal identifications and amounts are included on the contracts. Envida will implement a process for all appropriate department directors, including CEO to sign off on each grant received. Timeline for completion: Dec 31 2025 Monitoring plan: Monthly Review with Grant coordinator Anticipated outcome: SEFA will reflect accurate federal expenditures.

FINDING 2024-002 Massachusetts Individual Responsible for Corrective Action Plan: Alliance Director Jenn Aldworth Corrective Action: The Organization is refining subaward agreements for future awards and will ensure federal provisions required to be communicated by the grant and also 2 CFR § 200.332 are incorporated consistently for all subrecipients. Anticipated Completion Date: December 31, 2025

State of Missouri Single Audit Corrective Action Plan Year Ended June 30, 2024 State Agency: State Emergency Management Agency Audit Finding Number: 2024-012 - SEMA Subrecipient Monitoring Name of the contact person responsible for corrective action: Nikol Enyart Anticipated completion date for corrective action: Implemented Corrective action planned is as follows: Since the discovery of the shortfall in the monitoring of subrecipients, SEMA has taken action to get the program back on track. SEMA has maintained forward momentum on completing the risk assessments during the time dictated by the policy. SEMA has also completed 46 out of 107 desk monitoring reports for the medium risk subrecipients, and SEMA has completed 17 out of 83 site visits for high risk subrecipients. SEMA has also cross trained multiple employees in the steps and processes to achieve high outputs for this process. SEMA has created a separate tracker to focus directly on the desk monitoring and site visits that have been completed or still need to be completed. This tracker is monitored by the Deputy Recovery Division Manager. SEMA also generates reports on the 15th and 30th of each month outlining any progress made during those two weeks, and those reports are submitted to the Recovery Division Manager. This report was first created and submitted on January 31, 2025. In relation to the A-133 audits, SEMA has implemented cross training for staff that will ensure should one employee leave, the task will continue without disruption. Two staff are now trained and will submit a report each quarter to the Deputy Fiscal Manager to ensure compliance with the A-133 requirements.

State of Missouri Single Audit Corrective Action Plan Year Ended June 30, 2024 State Agency: Office of Administration Audit Finding Number: 2024-007, SLFRF Program Subrecipient Monitoring Name of the contact person responsible for corrective action: Stacy Neal Anticipated completion date for corrective action: November 1, 2025 Recommendation A.: Develop policies and procedures to determine whether recipients of SLFRF program funds are subrecipients or contractors. Continue to work with the state agencies to ensure accurate and documented determinations are prepared for all recipients and modify subrecipient records as needed. OA partially agrees with the auditor’s finding. Corrective action planned is as follows: OA did complete a training for all agencies regarding subrecipient monitoring and the agencies responsibilities. OA also distributed a memo instructing agencies where to find information regarding subrecipient monitoring and instructing agencies to develop policies and procedures for their agency. To avoid confusion, OA will pursue Memorandums of Understandings (MOU) with agencies to ensure agencies understand their responsibilities for sub-recipient monitoring including sub-recipient specific risk assessments and monitoring. Finally, OA will implement random reviews of the sub-recipient monitoring compliance. Recommendation B.: The OA did not implement an effective subrecipient monitoring program to monitor the SLFRF subrecipients. As a result, some subrecipient monitoring procedures were not performed as required by the UG. OA agrees with the auditor’s finding. Corrective action planned is as follows: OA will pursue Memorandums of Understandings (MOU) with agencies to ensure agencies understand their responsibilities for sub-recipient monitoring including sub-recipient specific risk assessments and monitoring. Finally, OA will implement random reviews of the sub-recipient monitoring compliance.

State of Missouri Single Audit Corrective Action Plan Year Ended June 30, 2024 State Agency: Department of Health and Senior Services (DHSS) Audit Finding Number: 2024-009 - CACFP Subrecipient Monitoring Name of the contact person responsible for corrective action: Sarah Walker, Bureau Chief Anticipated completion date for corrective action: Corrective action planned is as follows: The agency does not agree with the audit findings and therefore no corrective action is required. Explanation and specific reasons are as follows: DHSS disagrees with this finding. While the USDA partially sustained the previous finding in the FY2023 SWSA, the corrective action plan and supporting documentation submitted by DHSS was accepted by USDA and deemed adequate. On April 17, 2025, the USDA recommended final action to close the FY2023 audit finding.

WFA Management’s Corrective Action Plan for Year Ended 12/31/2024 Finding number: 2024-002 Finding relates to subrecipient monitoring and management under 2 CFR Part 200. Corrective Action Plan The Women’s Foundation of Alabama is committed to ensuring clarity, accountability, and compliance in our grants management. To address the findings, we will: 􀁸 Implement the Subrecipient vs. Contractor Determination Form as a standard requirement for all agreements. For all agreements determined to be with subrecipients, a standardized agreement process to ensure that all required information is communicated and documented upfront. This includes clearly stating: o The federal award name and Assistance Listing Number (ALN). o A list of all applicable federal regulations. o Financial and performance reporting requirements and deadlines. Responsible Parties 􀁸 Chief Operating Officer – overall accountability for corrective action 􀁸 Director of Strategic Operations – coordination of implementation and recordkeeping 􀁸 Accounting Team (Mauldin & Jenkins): Technical assistance on compliance and reconciliation Anticipated Timeline 􀁸 Form and process adopted by [October 2025]

Action taken in response to finding: The County will review the subrecipient monitoring requirements and work with the County Auditor to develop a formal policy that includes internal controls, monitoring procedures, and documentation requirements.

USAID Foreign Assistance for Programs Overseas – Assistance Listing No. 98.001 Recommendation: CLA recommends amending existing subaward agreements to include the award information required by CFR 200.332(b) and to verify all future subawards agreements include all necessary information prior to issuance. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: SFP will revise its subaward agreement template to include all necessary award information as required by CFR 200.332(b). Name(s) of the contact person(s) responsible for corrective action: Annie Haylon Planned completion date for corrective action plan: October 31, 2025

The subgrantees in question were Boys & Girls Clubs of America, National Youth Service League, Young Men’s Service League, and Boise State. 9/11 Day researched all subgrantees, required each to provide MOUs, program details, and budgets, and verified organizational status using resources such as Candid and Charity Navigator. Financial statements were also reviewed, but documentation of these reviews and verifications was not consistently retained, and certain federal requirements were not fully incorporated into the process. 9/11 Day has now adopted a written policy that ensures that, in its role as a pass-through entity, all subgrants will be made in full compliance with the minimum required elements found under 2 CFR 200.332(b). This shall include implementing a comprehensive tracking and monitoring system for all subgrantees, regardless of funding level, with enhanced verification requirements for those receiving over $30,000. All subaward agreements will be updated to include the minimum required elements under 2 CFR 200.332(b), and the evaluation of subgrantee risk will incorporate all suggested elements under 2 CFR 200.332(c), including consideration of fraud risk and risk of noncompliance. The system will record the time and date of all eligibility verifications and retain supporting documentation, including MOUs, SAM.gov confirmation of suspension and debarment status, IRS Form 990s, financial statements, and audit confirmations. In compliance with 2 CFR 200.332(e)(1), subgrantees will now be required to submit both performance and financial reports, which will be reviewed and compared against project budgets. In addition, 9/11 Day will evaluate subgrantees’ Single Audits, if filed, in accordance with 2 CFR 200.332(e)(2)–(4) and will review any reported deficiencies. All monitoring activities will be documented and logged throughout the life of each project to ensure stronger oversight, complete documentation, and compliance with federal requirements.

Corrective Action Plan – Hamilton County Economic Development Corporation (dba Invest Hamilton County) Public Accounting Firm CliftonLarsonAllen LLP Audit Period Year ended December 31, 2024 The finding from the December 31, 2024 consolidated schedule of findings is discussed below. The findings is numbered consistently with the numbers assigned in the schedule. Section III 2024-001: Condition: The Organization did not clearly communicate the required federal award information and applicable requirements to the subrecipients. The Organization did not evaluate the risk of non-compliance of the subrecipients in order to identify the appropriate monitoring procedures. Statistical sampling was not used in making sample selections. Response: The response to this finding in 2023 was provided less than one month prior to the end of the grant activity period, and therefore adaptation to the management period was not feasible for this project. The Organizations’ Board and Chief Executive OMicer (CEO) and key HCEDC StaM recognize the need to further refine subrecipient monitoring. Subrecipients within the identified project are all school districts already under single audit with associated levels of financial controls and reporting. Participating districts, via their appropriate elected boards, were informed the conditions of the grant and individually voted to accept obligations and requirements. HCEDC management, in alignment with outsourced controller services via CliftonLarsonAllen LLP, have now further increased controls and monitoring activity. Through the onboarding of a new Grants Management System (GMS) in Fall 2024, subrecipient monitoring activity and profiles are now created for each eligible award. In 2024 and 2025, the HCEDC has also been much more active in communicating reporting and grants management requirements to subrecipients, including multiple amendments to the ESSER grant program. The new GMS system is built specifically to assist organizations with single audit compliance and has multiple features specific to subrecipient reporting and monitoring. If there are any questions regarding this plan, please contact the undersigned at 317-663-4457. Mike Thibideau PRESIDENT & CEO – INVEST HAMILTON COUNTY 37 East Main Street Carmel, IN 46032

WRTP has reviewed the organization’s fiscal policy manual including all subsections regarding monitoring responsibilities. Additional training has been provided and completed by management and staff. Management has reviewed all monitoring with the subrecipient in good faith efforts.

B. Corrective action steps taken and/or planned: ACHD will maintain lists of subrecipients used and checklists to help ensure that monitoring activities are performed for each. Also working on establishing a process to incorporate language into our contracts. In addition, ACHD will complete and file out of compliance sub recipient forms per the timetable noted in Section D below. C. Timetable of dates for performance of planned corrective action steps including completion date: Slated to begin new process August 1, 2025 for new contracts and/or contract renewals. Once process has been finalized, ACHD Fiscal will also review past agreements that are still in effect. D. Description of monitoring to be performed to ensure corrective action steps are taken: ACHD Financial Manager and Grants Manager will ensure lists and monitoring activities are maintained.

ACHD will maintain lists of subrecipients used and checklists to help ensure that monitoring activities are performed for each. Also working on establishing a process to incorporate language into our contracts. In addition, ACHD will complete and file out of compliance sub recipient forms per the timetable noted in Section D below. D. Description of monitoring to be performed to ensure corrective action steps are taken: ACHD Financial Manager and Grants Manager will ensure lists and monitoring activities are maintained.

Management will develop and implement formal procedures for subrecipient monitoring that include retention of single audit and compliance audit reports of subrecipients and regular communications to monitor progress and compliance with program objectives.

2024-002 Conservation Research and Development Program – Assistance Listing #81.086 Recommendation: The Organization should establish written policies and procedures regarding the contracting and monitoring of subrecipients that are in line with Uniform Guidance requirements, as well as establish organizational controls to ensure that such policies and procedures are being followed. Explanation of disagreement with audit findings: There is no disagreement with the audit findings. Action Plan: Effective October 31, 2024, we established procedures for monitoring subrecipients, which include obtaining and reviewing their annual audits. This procedure, implemented late in 2024, remains in practice to date. In 2025, we will strengthen these procedures by: ● Establishing a monitoring plan for each subrecipient based on their assessed level of risk. ● Instituting procedures for formally documenting all monitoring activities. ● Completing risk assessments for past subrecipients to ensure comprehensive oversight. Name(s) of the contact people responsible for correction action: Gina Avalos-Limardo, Director of Finance & Operations and Cho Heide, Contracts & Compliance Manager Plan completion date for corrective action plan: November 30, 2025

Finding 2024-0002 Subrecipient Monitoring CDOT Subrecipient Monitoring was lacking documentation. Corrective Action: ECCOG Executive Director and/or Senior & Transit Services Director will implement a formal monitoring protocol for future contracts as there are no subrecipient contracts at this time. The former subrecipients now have their own CDOT contract for funding. The protocol/procedures may be added to the Grant Management Policy using the CDOT guidance received. Person Responsible for Implementation: Executive Director Implementation Date: Sept 18, 2025. Corrective Action Plan approved by ECCOG’s Board of Directors September 18, 2025

2024-001: Subrecipient Monitoring – Low Income Energy Assistance Program Name of Contact Person: Bobbie Crooker, Director of Energy and Housing Management’s Views and Corrective Action Plan: The Department of Energy and Housing Services (EHS) at MaineHousing agrees that not all subrecipients had the required annual quality assurance reviews performed within the specified timeframe. Additionally, it agrees that all monitoring reviews were not formally documented. This issue occurred due to staff turnover within the LIHEAP Team, within the Fiscal Team, and within the EHS Department overall, as well as due to an insufficient monitoring process. EHS is in the process of developing and implementing a department wide Monitoring group with representation from all Teams in the department. As part of this, the Monitoring group is developing a regular schedule to visit the Community Action Agencies (CAAs) each year based on the established schedule. At the conclusion of each review, a consolidated report with an overall summary will be completed for each CAA. This new process will ensure that all CAAs are monitored by all program teams as well as the fiscal team each year and that all monitoring visits are documented appropriately. In addition to this, EHS has hired a Quality Control Specialist to review all monitoring reports, and program processes to ensure that each Team is monitoring to the applicable programmatic requirements annually. The monitoring group will be fully implemented by January 2026. Proposed Completion Date: January 2026