Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-042 Federal Funding Accountability and Transparency Act The Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) was created to empower Americans with the ability to hold the government accountable for each spending decision and, as a result, to reduce wasteful spending by the government. The Transparency Act requires the federal government to make certain information on federal awards available to the public. In order to obtain this information, the federal government requires grant recipients to provide information to it. For example, the federal Department of Education (DOE) requires the Department to report information about subgrants, or subawards, it gives to other governments or to nonprofit organizations (also referred to as subrecipients) from the DOE grants it receives. Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the Department, to an entity to carry out part of a Federal grant award received by the pass-through entity. The Department is specifically required to file FFATA reports through the FFATA Subaward Reporting System (FSRS). Once the Department submits a report to FSRS, the public can view certain information from the report, including the subrecipient?s name, subaward identification number, subaward obligation/action date, subaward amount, federal awarding agency and subagency, the Department?s name, and the Department?s grant award identification number. The Department is required to file a FFATA report in the following circumstances: ? If the initial award is equal to or more than $30,000; ? If subsequent grant modifications result in a total award are equal to or more than $30,000; ? If the initial award is equal to or more than $30,000 but funding is subsequently de-obligated such that the total award amount falls below $30,000. The Department?s required FFATA reports for Fiscal Year 2022 included information on Title I Grants to Local Education Agencies [ALN 84.010] and COVID-19 Education Stabilization Fund (ESF) [84.425], specifically Elementary and Secondary School Emergency Relief (ESSER) Fund [84.425D] and American Rescue Plan - Elementary and Secondary School Emergency Relief (ARP ESSER) [84.425U]. FFATA reporting was required for the Department because the Department passed through funds to one or more subrecipients for both programs in excess of $30,000. The Department is required to report the subaward information in FSRS no later than the end of the month following the month in which the award was made. According to the Department, during Fiscal Year 2022, it was required to submit and revise 180 and 450 FFATA reports for the Title I and ESF programs, respectively. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the Department had adequate internal controls over FFATA reporting during Fiscal Year 2022 and whether the information in the Department?s submitted FFATA reports was accurate and submitted in a timely manner. We requested a list of all Title I and ESF subawards made by the Department during Fiscal Year 2022. We then selected a sample of 18 Title I and 29 ESF subawards and requested copies of the FFATA reports that were uploaded to the FSRS system by the Department. The full FFATA reports are only accessible by the Department and are not fully viewable on FSRS. Once the Department provided copies of the uploaded reports, we then reviewed the FFATA reports within FSRS for each subaward selected for testing to determine if the FFATA report was made in a timely manner in accordance with federal regulations. How were the results of the audit work measured? In accordance with federal regulations [2 CFR 170], direct recipients of federal grants are required to report subawards of $30,000 or more to FSRS by the end of the month following the month in which the award was made. For example, the Department would have to submit a FFATA report to FSRS in May 2022 if an award or supplemental award equal to or greater than $30,000 was made in April 2022. The FFATA reports are required to include the following key data elements: ? Subrecipient name ? Subrecipient DUNS number ? Amount of subaward ? Subaward obligation/action date ? Date of report submission ? Subaward number ? Subaward project description ? Subrecipient names and compensation of highly compensated officers Transparency Act reporting requirements outlined on the FSRS website prescribe certain information that must be reported for these subawards, including the name of the entity receiving the award, the award amount, funding agency, and unique identifier of the entity. Federal regulations [2 CFR 200.303] require the non-Federal entity, in this instance the Department, to establish and maintain effective internal controls over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. What problems did the audit work identify? Based on our audit testwork, for the sample we tested, we determined that the Department was late in reporting all 18 of 18 Title I subawards in FSRS, by an average of 3 to 4 months, and failed to report 1 of 29 ESF subawards by the time of our audit, which represented a delay of approximately 16 months; and was late in reporting 2 of 29 ESF subawards by approximately 7 and 10 months, respectively. Collectively, these subawards totaled about $30 million for Fiscal Year 2022. The following tables summarize the results of our testing and group each exception within the following categories: Subaward Not Reported and Report Not Timely. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Why did these problems occur? The Department reported that an influx in pandemic funding resulted in the Department experiencing a 233 percent volume increase in funding distributions and to more than 5,000 submissions and resubmissions in its required Fiscal Year 2022 FFATA reporting for all federal programs managed by the Department?s grant fiscal team. The Department indicated that its grant fiscal team also experienced staff turnover and vacancies during the year and the Department did not adequately reassign resources to ensure FFATA reporting requirements were identified and that reports were submitted on time. Initially, only one FTE was dedicated to FFATA reporting. During the year, the Department allocated a portion of the FFATA workload to another existing FTE and added an additional FTE in May 2022 to work on reconciling FFATA submissions; as a result, Department staff identified the two submissions previously missed, but the reallocations and reconciliations were not made in time to ensure the Department met all of its required FFATA report submission timelines. In addition, Department staff indicated that they made a conscious decision to not report the Title I subawards until May 2022?even though the initial subawards were finalized in January 2022?because the Department had historically received multiple funding allocations in addition to the initial allocation that required FFATA reporting for each allocation for up to 178 subawardees. However, the Department did not communicate with the federal awarding agency to determine whether waiting until it received all related allocations to submit its FFATA reports was appropriate. During the majority of Fiscal Year 2022, the Department also did not have a control, such as a reconciliation, to help identify subawards that went unreported during the fiscal year. Why do these problems matter? By failing to properly report FFATA subawards through FSRS, the Department is out of compliance with federal reporting requirements and risks federal sanctions. In addition, the Department fails to meet the federal intent of transparency for federal program spending. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-042 The Department of Education (Department) should strengthen its internal controls over, and ensure it complies with requirements under, the Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) reporting by: A. Improving the Department?s process for determining the timing of reporting within the FFATA Subaward Reporting System. This process should include appropriately allocating staff resources for reporting responsibilities, and considerations such as expected future award allocations and communications with the federal awarding agency when it is determined to not be feasible to report information in a timely manner. B. Continuing to develop and implement reconciliation procedures to identify subawards that went unreported during the fiscal year. Response Department of Education A. Agree Implementation Date: December 31, 2022 We agree with this recommendation. In recent years, the Federal Government had multiple continuing resolutions in their budget process, resulting in CDE?s Title I allocations coming in multiple iterations. For the last several years, CDE has received revised allocations from the US Department of Education for the fiscal year as late as early summer; in one example, we received six revisions. With staffing shortages and the administrative burden to continuously revise, research issues and update FFATA for each allocation change, CDE took the step to report only the final allocation to FFATA, which was reported as of the month the awardee was awarded. However, the report was submitted later in the fiscal year. CDE will take a two-fold approach to rectify the issue related to the required FFATA reporting for Title I. First, we will report to FSRS the initial awards within 30 days following the date the awardee was provided final approval on their award. This is consistent with CDE?s approach to all other federal awards. Second, we will monitor the continuing resolutions and changes in allocations, and report only the net changes to each awardee, in the month those changes occur from the US Department of Education. Thereby, FSRS will represent the total revised award. In addition to this approach, all Title I awards will continue to be a part of our regular FFATA reconciliation process. B. Agree Implementation Date: December 31, 2022 We agree with this recommendation. CDE identified its own failure to report two ESSER subawards to FFATA within 30 days as part of the successful development and implementation of a FFATA-specific reconciliation process in Summer 2022. CDE will continue to refine and improve its FFATA reconciliation process.
Finding 2022-042 Federal Funding Accountability and Transparency Act The Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) was created to empower Americans with the ability to hold the government accountable for each spending decision and, as a result, to reduce wasteful spending by the government. The Transparency Act requires the federal government to make certain information on federal awards available to the public. In order to obtain this information, the federal government requires grant recipients to provide information to it. For example, the federal Department of Education (DOE) requires the Department to report information about subgrants, or subawards, it gives to other governments or to nonprofit organizations (also referred to as subrecipients) from the DOE grants it receives. Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the Department, to an entity to carry out part of a Federal grant award received by the pass-through entity. The Department is specifically required to file FFATA reports through the FFATA Subaward Reporting System (FSRS). Once the Department submits a report to FSRS, the public can view certain information from the report, including the subrecipient?s name, subaward identification number, subaward obligation/action date, subaward amount, federal awarding agency and subagency, the Department?s name, and the Department?s grant award identification number. The Department is required to file a FFATA report in the following circumstances: ? If the initial award is equal to or more than $30,000; ? If subsequent grant modifications result in a total award are equal to or more than $30,000; ? If the initial award is equal to or more than $30,000 but funding is subsequently de-obligated such that the total award amount falls below $30,000. The Department?s required FFATA reports for Fiscal Year 2022 included information on Title I Grants to Local Education Agencies [ALN 84.010] and COVID-19 Education Stabilization Fund (ESF) [84.425], specifically Elementary and Secondary School Emergency Relief (ESSER) Fund [84.425D] and American Rescue Plan - Elementary and Secondary School Emergency Relief (ARP ESSER) [84.425U]. FFATA reporting was required for the Department because the Department passed through funds to one or more subrecipients for both programs in excess of $30,000. The Department is required to report the subaward information in FSRS no later than the end of the month following the month in which the award was made. According to the Department, during Fiscal Year 2022, it was required to submit and revise 180 and 450 FFATA reports for the Title I and ESF programs, respectively. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the Department had adequate internal controls over FFATA reporting during Fiscal Year 2022 and whether the information in the Department?s submitted FFATA reports was accurate and submitted in a timely manner. We requested a list of all Title I and ESF subawards made by the Department during Fiscal Year 2022. We then selected a sample of 18 Title I and 29 ESF subawards and requested copies of the FFATA reports that were uploaded to the FSRS system by the Department. The full FFATA reports are only accessible by the Department and are not fully viewable on FSRS. Once the Department provided copies of the uploaded reports, we then reviewed the FFATA reports within FSRS for each subaward selected for testing to determine if the FFATA report was made in a timely manner in accordance with federal regulations. How were the results of the audit work measured? In accordance with federal regulations [2 CFR 170], direct recipients of federal grants are required to report subawards of $30,000 or more to FSRS by the end of the month following the month in which the award was made. For example, the Department would have to submit a FFATA report to FSRS in May 2022 if an award or supplemental award equal to or greater than $30,000 was made in April 2022. The FFATA reports are required to include the following key data elements: ? Subrecipient name ? Subrecipient DUNS number ? Amount of subaward ? Subaward obligation/action date ? Date of report submission ? Subaward number ? Subaward project description ? Subrecipient names and compensation of highly compensated officers Transparency Act reporting requirements outlined on the FSRS website prescribe certain information that must be reported for these subawards, including the name of the entity receiving the award, the award amount, funding agency, and unique identifier of the entity. Federal regulations [2 CFR 200.303] require the non-Federal entity, in this instance the Department, to establish and maintain effective internal controls over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. What problems did the audit work identify? Based on our audit testwork, for the sample we tested, we determined that the Department was late in reporting all 18 of 18 Title I subawards in FSRS, by an average of 3 to 4 months, and failed to report 1 of 29 ESF subawards by the time of our audit, which represented a delay of approximately 16 months; and was late in reporting 2 of 29 ESF subawards by approximately 7 and 10 months, respectively. Collectively, these subawards totaled about $30 million for Fiscal Year 2022. The following tables summarize the results of our testing and group each exception within the following categories: Subaward Not Reported and Report Not Timely. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Why did these problems occur? The Department reported that an influx in pandemic funding resulted in the Department experiencing a 233 percent volume increase in funding distributions and to more than 5,000 submissions and resubmissions in its required Fiscal Year 2022 FFATA reporting for all federal programs managed by the Department?s grant fiscal team. The Department indicated that its grant fiscal team also experienced staff turnover and vacancies during the year and the Department did not adequately reassign resources to ensure FFATA reporting requirements were identified and that reports were submitted on time. Initially, only one FTE was dedicated to FFATA reporting. During the year, the Department allocated a portion of the FFATA workload to another existing FTE and added an additional FTE in May 2022 to work on reconciling FFATA submissions; as a result, Department staff identified the two submissions previously missed, but the reallocations and reconciliations were not made in time to ensure the Department met all of its required FFATA report submission timelines. In addition, Department staff indicated that they made a conscious decision to not report the Title I subawards until May 2022?even though the initial subawards were finalized in January 2022?because the Department had historically received multiple funding allocations in addition to the initial allocation that required FFATA reporting for each allocation for up to 178 subawardees. However, the Department did not communicate with the federal awarding agency to determine whether waiting until it received all related allocations to submit its FFATA reports was appropriate. During the majority of Fiscal Year 2022, the Department also did not have a control, such as a reconciliation, to help identify subawards that went unreported during the fiscal year. Why do these problems matter? By failing to properly report FFATA subawards through FSRS, the Department is out of compliance with federal reporting requirements and risks federal sanctions. In addition, the Department fails to meet the federal intent of transparency for federal program spending. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-042 The Department of Education (Department) should strengthen its internal controls over, and ensure it complies with requirements under, the Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) reporting by: A. Improving the Department?s process for determining the timing of reporting within the FFATA Subaward Reporting System. This process should include appropriately allocating staff resources for reporting responsibilities, and considerations such as expected future award allocations and communications with the federal awarding agency when it is determined to not be feasible to report information in a timely manner. B. Continuing to develop and implement reconciliation procedures to identify subawards that went unreported during the fiscal year. Response Department of Education A. Agree Implementation Date: December 31, 2022 We agree with this recommendation. In recent years, the Federal Government had multiple continuing resolutions in their budget process, resulting in CDE?s Title I allocations coming in multiple iterations. For the last several years, CDE has received revised allocations from the US Department of Education for the fiscal year as late as early summer; in one example, we received six revisions. With staffing shortages and the administrative burden to continuously revise, research issues and update FFATA for each allocation change, CDE took the step to report only the final allocation to FFATA, which was reported as of the month the awardee was awarded. However, the report was submitted later in the fiscal year. CDE will take a two-fold approach to rectify the issue related to the required FFATA reporting for Title I. First, we will report to FSRS the initial awards within 30 days following the date the awardee was provided final approval on their award. This is consistent with CDE?s approach to all other federal awards. Second, we will monitor the continuing resolutions and changes in allocations, and report only the net changes to each awardee, in the month those changes occur from the US Department of Education. Thereby, FSRS will represent the total revised award. In addition to this approach, all Title I awards will continue to be a part of our regular FFATA reconciliation process. B. Agree Implementation Date: December 31, 2022 We agree with this recommendation. CDE identified its own failure to report two ESSER subawards to FFATA within 30 days as part of the successful development and implementation of a FFATA-specific reconciliation process in Summer 2022. CDE will continue to refine and improve its FFATA reconciliation process.
Finding 2022-042 Federal Funding Accountability and Transparency Act The Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) was created to empower Americans with the ability to hold the government accountable for each spending decision and, as a result, to reduce wasteful spending by the government. The Transparency Act requires the federal government to make certain information on federal awards available to the public. In order to obtain this information, the federal government requires grant recipients to provide information to it. For example, the federal Department of Education (DOE) requires the Department to report information about subgrants, or subawards, it gives to other governments or to nonprofit organizations (also referred to as subrecipients) from the DOE grants it receives. Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the Department, to an entity to carry out part of a Federal grant award received by the pass-through entity. The Department is specifically required to file FFATA reports through the FFATA Subaward Reporting System (FSRS). Once the Department submits a report to FSRS, the public can view certain information from the report, including the subrecipient?s name, subaward identification number, subaward obligation/action date, subaward amount, federal awarding agency and subagency, the Department?s name, and the Department?s grant award identification number. The Department is required to file a FFATA report in the following circumstances: ? If the initial award is equal to or more than $30,000; ? If subsequent grant modifications result in a total award are equal to or more than $30,000; ? If the initial award is equal to or more than $30,000 but funding is subsequently de-obligated such that the total award amount falls below $30,000. The Department?s required FFATA reports for Fiscal Year 2022 included information on Title I Grants to Local Education Agencies [ALN 84.010] and COVID-19 Education Stabilization Fund (ESF) [84.425], specifically Elementary and Secondary School Emergency Relief (ESSER) Fund [84.425D] and American Rescue Plan - Elementary and Secondary School Emergency Relief (ARP ESSER) [84.425U]. FFATA reporting was required for the Department because the Department passed through funds to one or more subrecipients for both programs in excess of $30,000. The Department is required to report the subaward information in FSRS no later than the end of the month following the month in which the award was made. According to the Department, during Fiscal Year 2022, it was required to submit and revise 180 and 450 FFATA reports for the Title I and ESF programs, respectively. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the Department had adequate internal controls over FFATA reporting during Fiscal Year 2022 and whether the information in the Department?s submitted FFATA reports was accurate and submitted in a timely manner. We requested a list of all Title I and ESF subawards made by the Department during Fiscal Year 2022. We then selected a sample of 18 Title I and 29 ESF subawards and requested copies of the FFATA reports that were uploaded to the FSRS system by the Department. The full FFATA reports are only accessible by the Department and are not fully viewable on FSRS. Once the Department provided copies of the uploaded reports, we then reviewed the FFATA reports within FSRS for each subaward selected for testing to determine if the FFATA report was made in a timely manner in accordance with federal regulations. How were the results of the audit work measured? In accordance with federal regulations [2 CFR 170], direct recipients of federal grants are required to report subawards of $30,000 or more to FSRS by the end of the month following the month in which the award was made. For example, the Department would have to submit a FFATA report to FSRS in May 2022 if an award or supplemental award equal to or greater than $30,000 was made in April 2022. The FFATA reports are required to include the following key data elements: ? Subrecipient name ? Subrecipient DUNS number ? Amount of subaward ? Subaward obligation/action date ? Date of report submission ? Subaward number ? Subaward project description ? Subrecipient names and compensation of highly compensated officers Transparency Act reporting requirements outlined on the FSRS website prescribe certain information that must be reported for these subawards, including the name of the entity receiving the award, the award amount, funding agency, and unique identifier of the entity. Federal regulations [2 CFR 200.303] require the non-Federal entity, in this instance the Department, to establish and maintain effective internal controls over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. What problems did the audit work identify? Based on our audit testwork, for the sample we tested, we determined that the Department was late in reporting all 18 of 18 Title I subawards in FSRS, by an average of 3 to 4 months, and failed to report 1 of 29 ESF subawards by the time of our audit, which represented a delay of approximately 16 months; and was late in reporting 2 of 29 ESF subawards by approximately 7 and 10 months, respectively. Collectively, these subawards totaled about $30 million for Fiscal Year 2022. The following tables summarize the results of our testing and group each exception within the following categories: Subaward Not Reported and Report Not Timely. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Why did these problems occur? The Department reported that an influx in pandemic funding resulted in the Department experiencing a 233 percent volume increase in funding distributions and to more than 5,000 submissions and resubmissions in its required Fiscal Year 2022 FFATA reporting for all federal programs managed by the Department?s grant fiscal team. The Department indicated that its grant fiscal team also experienced staff turnover and vacancies during the year and the Department did not adequately reassign resources to ensure FFATA reporting requirements were identified and that reports were submitted on time. Initially, only one FTE was dedicated to FFATA reporting. During the year, the Department allocated a portion of the FFATA workload to another existing FTE and added an additional FTE in May 2022 to work on reconciling FFATA submissions; as a result, Department staff identified the two submissions previously missed, but the reallocations and reconciliations were not made in time to ensure the Department met all of its required FFATA report submission timelines. In addition, Department staff indicated that they made a conscious decision to not report the Title I subawards until May 2022?even though the initial subawards were finalized in January 2022?because the Department had historically received multiple funding allocations in addition to the initial allocation that required FFATA reporting for each allocation for up to 178 subawardees. However, the Department did not communicate with the federal awarding agency to determine whether waiting until it received all related allocations to submit its FFATA reports was appropriate. During the majority of Fiscal Year 2022, the Department also did not have a control, such as a reconciliation, to help identify subawards that went unreported during the fiscal year. Why do these problems matter? By failing to properly report FFATA subawards through FSRS, the Department is out of compliance with federal reporting requirements and risks federal sanctions. In addition, the Department fails to meet the federal intent of transparency for federal program spending. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-042 The Department of Education (Department) should strengthen its internal controls over, and ensure it complies with requirements under, the Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) reporting by: A. Improving the Department?s process for determining the timing of reporting within the FFATA Subaward Reporting System. This process should include appropriately allocating staff resources for reporting responsibilities, and considerations such as expected future award allocations and communications with the federal awarding agency when it is determined to not be feasible to report information in a timely manner. B. Continuing to develop and implement reconciliation procedures to identify subawards that went unreported during the fiscal year. Response Department of Education A. Agree Implementation Date: December 31, 2022 We agree with this recommendation. In recent years, the Federal Government had multiple continuing resolutions in their budget process, resulting in CDE?s Title I allocations coming in multiple iterations. For the last several years, CDE has received revised allocations from the US Department of Education for the fiscal year as late as early summer; in one example, we received six revisions. With staffing shortages and the administrative burden to continuously revise, research issues and update FFATA for each allocation change, CDE took the step to report only the final allocation to FFATA, which was reported as of the month the awardee was awarded. However, the report was submitted later in the fiscal year. CDE will take a two-fold approach to rectify the issue related to the required FFATA reporting for Title I. First, we will report to FSRS the initial awards within 30 days following the date the awardee was provided final approval on their award. This is consistent with CDE?s approach to all other federal awards. Second, we will monitor the continuing resolutions and changes in allocations, and report only the net changes to each awardee, in the month those changes occur from the US Department of Education. Thereby, FSRS will represent the total revised award. In addition to this approach, all Title I awards will continue to be a part of our regular FFATA reconciliation process. B. Agree Implementation Date: December 31, 2022 We agree with this recommendation. CDE identified its own failure to report two ESSER subawards to FFATA within 30 days as part of the successful development and implementation of a FFATA-specific reconciliation process in Summer 2022. CDE will continue to refine and improve its FFATA reconciliation process.
Finding 2022-042 Federal Funding Accountability and Transparency Act The Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) was created to empower Americans with the ability to hold the government accountable for each spending decision and, as a result, to reduce wasteful spending by the government. The Transparency Act requires the federal government to make certain information on federal awards available to the public. In order to obtain this information, the federal government requires grant recipients to provide information to it. For example, the federal Department of Education (DOE) requires the Department to report information about subgrants, or subawards, it gives to other governments or to nonprofit organizations (also referred to as subrecipients) from the DOE grants it receives. Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the Department, to an entity to carry out part of a Federal grant award received by the pass-through entity. The Department is specifically required to file FFATA reports through the FFATA Subaward Reporting System (FSRS). Once the Department submits a report to FSRS, the public can view certain information from the report, including the subrecipient?s name, subaward identification number, subaward obligation/action date, subaward amount, federal awarding agency and subagency, the Department?s name, and the Department?s grant award identification number. The Department is required to file a FFATA report in the following circumstances: ? If the initial award is equal to or more than $30,000; ? If subsequent grant modifications result in a total award are equal to or more than $30,000; ? If the initial award is equal to or more than $30,000 but funding is subsequently de-obligated such that the total award amount falls below $30,000. The Department?s required FFATA reports for Fiscal Year 2022 included information on Title I Grants to Local Education Agencies [ALN 84.010] and COVID-19 Education Stabilization Fund (ESF) [84.425], specifically Elementary and Secondary School Emergency Relief (ESSER) Fund [84.425D] and American Rescue Plan - Elementary and Secondary School Emergency Relief (ARP ESSER) [84.425U]. FFATA reporting was required for the Department because the Department passed through funds to one or more subrecipients for both programs in excess of $30,000. The Department is required to report the subaward information in FSRS no later than the end of the month following the month in which the award was made. According to the Department, during Fiscal Year 2022, it was required to submit and revise 180 and 450 FFATA reports for the Title I and ESF programs, respectively. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the Department had adequate internal controls over FFATA reporting during Fiscal Year 2022 and whether the information in the Department?s submitted FFATA reports was accurate and submitted in a timely manner. We requested a list of all Title I and ESF subawards made by the Department during Fiscal Year 2022. We then selected a sample of 18 Title I and 29 ESF subawards and requested copies of the FFATA reports that were uploaded to the FSRS system by the Department. The full FFATA reports are only accessible by the Department and are not fully viewable on FSRS. Once the Department provided copies of the uploaded reports, we then reviewed the FFATA reports within FSRS for each subaward selected for testing to determine if the FFATA report was made in a timely manner in accordance with federal regulations. How were the results of the audit work measured? In accordance with federal regulations [2 CFR 170], direct recipients of federal grants are required to report subawards of $30,000 or more to FSRS by the end of the month following the month in which the award was made. For example, the Department would have to submit a FFATA report to FSRS in May 2022 if an award or supplemental award equal to or greater than $30,000 was made in April 2022. The FFATA reports are required to include the following key data elements: ? Subrecipient name ? Subrecipient DUNS number ? Amount of subaward ? Subaward obligation/action date ? Date of report submission ? Subaward number ? Subaward project description ? Subrecipient names and compensation of highly compensated officers Transparency Act reporting requirements outlined on the FSRS website prescribe certain information that must be reported for these subawards, including the name of the entity receiving the award, the award amount, funding agency, and unique identifier of the entity. Federal regulations [2 CFR 200.303] require the non-Federal entity, in this instance the Department, to establish and maintain effective internal controls over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. What problems did the audit work identify? Based on our audit testwork, for the sample we tested, we determined that the Department was late in reporting all 18 of 18 Title I subawards in FSRS, by an average of 3 to 4 months, and failed to report 1 of 29 ESF subawards by the time of our audit, which represented a delay of approximately 16 months; and was late in reporting 2 of 29 ESF subawards by approximately 7 and 10 months, respectively. Collectively, these subawards totaled about $30 million for Fiscal Year 2022. The following tables summarize the results of our testing and group each exception within the following categories: Subaward Not Reported and Report Not Timely. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Why did these problems occur? The Department reported that an influx in pandemic funding resulted in the Department experiencing a 233 percent volume increase in funding distributions and to more than 5,000 submissions and resubmissions in its required Fiscal Year 2022 FFATA reporting for all federal programs managed by the Department?s grant fiscal team. The Department indicated that its grant fiscal team also experienced staff turnover and vacancies during the year and the Department did not adequately reassign resources to ensure FFATA reporting requirements were identified and that reports were submitted on time. Initially, only one FTE was dedicated to FFATA reporting. During the year, the Department allocated a portion of the FFATA workload to another existing FTE and added an additional FTE in May 2022 to work on reconciling FFATA submissions; as a result, Department staff identified the two submissions previously missed, but the reallocations and reconciliations were not made in time to ensure the Department met all of its required FFATA report submission timelines. In addition, Department staff indicated that they made a conscious decision to not report the Title I subawards until May 2022?even though the initial subawards were finalized in January 2022?because the Department had historically received multiple funding allocations in addition to the initial allocation that required FFATA reporting for each allocation for up to 178 subawardees. However, the Department did not communicate with the federal awarding agency to determine whether waiting until it received all related allocations to submit its FFATA reports was appropriate. During the majority of Fiscal Year 2022, the Department also did not have a control, such as a reconciliation, to help identify subawards that went unreported during the fiscal year. Why do these problems matter? By failing to properly report FFATA subawards through FSRS, the Department is out of compliance with federal reporting requirements and risks federal sanctions. In addition, the Department fails to meet the federal intent of transparency for federal program spending. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-042 The Department of Education (Department) should strengthen its internal controls over, and ensure it complies with requirements under, the Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) reporting by: A. Improving the Department?s process for determining the timing of reporting within the FFATA Subaward Reporting System. This process should include appropriately allocating staff resources for reporting responsibilities, and considerations such as expected future award allocations and communications with the federal awarding agency when it is determined to not be feasible to report information in a timely manner. B. Continuing to develop and implement reconciliation procedures to identify subawards that went unreported during the fiscal year. Response Department of Education A. Agree Implementation Date: December 31, 2022 We agree with this recommendation. In recent years, the Federal Government had multiple continuing resolutions in their budget process, resulting in CDE?s Title I allocations coming in multiple iterations. For the last several years, CDE has received revised allocations from the US Department of Education for the fiscal year as late as early summer; in one example, we received six revisions. With staffing shortages and the administrative burden to continuously revise, research issues and update FFATA for each allocation change, CDE took the step to report only the final allocation to FFATA, which was reported as of the month the awardee was awarded. However, the report was submitted later in the fiscal year. CDE will take a two-fold approach to rectify the issue related to the required FFATA reporting for Title I. First, we will report to FSRS the initial awards within 30 days following the date the awardee was provided final approval on their award. This is consistent with CDE?s approach to all other federal awards. Second, we will monitor the continuing resolutions and changes in allocations, and report only the net changes to each awardee, in the month those changes occur from the US Department of Education. Thereby, FSRS will represent the total revised award. In addition to this approach, all Title I awards will continue to be a part of our regular FFATA reconciliation process. B. Agree Implementation Date: December 31, 2022 We agree with this recommendation. CDE identified its own failure to report two ESSER subawards to FFATA within 30 days as part of the successful development and implementation of a FFATA-specific reconciliation process in Summer 2022. CDE will continue to refine and improve its FFATA reconciliation process.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.