Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
The following findings and recommendations relating to internal control deficiencies classified as Material Weaknesses were communicated to the Department in the previous year and have not been remediated as of June 30, 2022 because the original implementation dates provided by the Department were in a subsequent fiscal year. These complete findings and recommendations can be found within the original report and the complete recommendations can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Finding 2021-060 Misreporting of Federal Expenditures for the COVID-19 ?Pandemic EBT Food Benefits and Child Care and Development Block Grant on the Exhibit K1 Each year, the Department is required to prepare an exhibit containing the Department?s federal expenditures and related reimbursements to aid the Colorado Office of the State Controller (OSC) in the preparation of the State?s Schedule of Expenditures of Federal Awards (SEFA); this exhibit is referred to as the Exhibit K1, Schedule of Federal Assistance. The Exhibit K1 should include expenditures for grants received directly from the federal government and expended by the Department (direct expenditures), as well as expenditures for federal grants passed through by the Department to other State and/or non-State agencies (subrecipient expenditures). The SEFA is to be presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) to show the State?s expenditures of federal awards during the fiscal year. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Annually, the Department prepares its Exhibit K1 by following a process documented in its program accounting manual. First, program accountants review and analyze information from CORE for the federal Assistance Listing Number (ALN)?s related to the programs they support. The program accountants complete this review using a CORE report that the Department created, pulling transaction detail level data by ALN. Once the reviews and analysis are complete, the program accountants enter the information on the Department?s Exhibit K1 template for the correlating ALN. After the exhibit is prepared, the Department?s program accounting manual requires that it goes through two levels of review for accuracy. Once these reviews are completed, the Department submits the final Exhibit K1 to the OSC. The Department is also separately required within its approved State Plan for the COVID-19 ? Pandemic EBT Food Benefits program [ALN 10.542] (P-EBT) to report its P-EBT federal expenditures to the U.S. Department of Agriculture (USDA) via the Report of Disaster Food Stamp Benefit Issuance (FNS-292-B). The Department is also required to support the financial expenditures reported on the FNS-292-B report with source data and files, which includes a P-EBT Summary report that is exported from the Colorado Benefits Management System (CBMS) and includes the number of eligible children, number of eligible households, and total amount paid in P-EBT benefits. The P-EBT summary report is then reconciled by the Department to the County Financial Management System (CFMS), where the counties? issuance of P-EBT program benefits is accumulated and reported. For Fiscal Year 2021, the Department administered more than 70 federal programs and expended approximately $2.4 billion in federal funds. The P-EBT program and Child Care and Development Block Grant (Grant) [ALN 93.575] were two of these federal programs administered by the Department during Fiscal Year 2021. The Department reported more than $292 million in federal expenditures for the P-EBT program and approximately $74 million in federal expenditures for the Grant in Fiscal Year 2021. What was the purpose of our audit work and what work was performed? The purpose of our audit work was to evaluate the Department?s internal controls over the preparation of its Exhibit K1 during Fiscal Year 2021 and to determine whether the Department correctly reported its Fiscal Year 2021 federal grant expenditures to the OSC on its Exhibit K1. The purpose of our audit work was also to evaluate the Department?s internal controls over the financial reporting to the USDA regarding the P-EBT program. As part of our audit testwork, we compared amounts reported by the Department for direct and subrecipient federal expenditures on its Fiscal Year 2021 Exhibit K1 to the underlying financial records in CORE for the Grant and P-EBT federal programs and inquired about any differences. In addition, we made inquiries of Department staff regarding its internal control processes over the Exhibit K1 preparation, including supervisory reviews. We also reviewed 4 out of 12 Fiscal Year 2021 monthly submissions to the USDA for the FNS-292-B reports and compared federal expenditure amounts reported by the Department to the underlying financial records in CORE. How were the results of the audit work measured? The OSC is required to present the State?s SEFA in accordance with the federal requirements of the Uniform Guidance to show the State?s expenditures of federal awards during the fiscal year. Federal regulations [2 CFR 200.38(b)] define a federal award as, ?The instrument setting forth the terms and conditions. The instrument is the grant agreement, cooperative agreement, other agreement for assistance?? Federal regulations [2 CFR 200.510(b)(3) and (4)] require that the SEFA must show both total federal awards expended for each individual federal program, the Assistance Listing Number, and the total amount passed through to subrecipients for each federal program. In order to prepare the SEFA, the OSC requires state departments to submit an Exhibit K1 to report expenditures, receipts, and receivables for each federal grant program administered by the Department during the fiscal year. The OSC?s exhibit instructions include guidelines for completing the Exhibit K1, including defining ?direct and indirect expenditures? as ?all monetary and non-monetary direct and indirect Federal award expenditures,? and ?pass-through expenditures? as ?the amount of all monetary and non-monetary Federal award amounts passed through to a subrecipient.? For the Department?s Grant federal program, subrecipients consist of counties, school districts, and health centers. State Fiscal Rule 1-2, Internal Controls, requires that state departments ?implement internal accounting and administrative controls that reasonably ensure that financial transactions are accurate, reliable, conform to state fiscal rules, and reflect the underlying realities of the accounting transaction (substance rather than form).? Federal regulations [7 CFR 274.4] require the Department to submit an FNS-292-B report in the format prescribed by the USDA with information detailing the P-EBT federal benefit payments. The Department is required to support the information in the report with its underlying records. The FNS-292-B report is identified as a required report within the Department?s State Plan that is approved by the USDA. What problems did the audit work identify? The Department overstated $63.5 million in P-EBT expenditures on its June 2021 FNS-292-B report to USDA that was submitted on August 30, 2021, as well as on the Department?s Exhibit K1 for Fiscal Year 2021. The Department subsequently identified that the FNS-292-B report was misstated and updated and resubmitted the report on September 28, 2021, approximately one month later. The Department, however, did not update its Exhibit K1 for Fiscal Year 2021 to correct the error, because the program staff did not notify the accounting team of the misstatement and need for Exhibit K1 correction. Based on our audit testwork, we also determined that the Department misreported $8.7 million in the Grant?s expenditures as subrecipient, rather than direct, expenditures on its Exhibit K1. Why did these problems occur? The P-EBT program staff did not notify the Department?s accounting team, who prepares the Exhibit K1, of a revision to the FNS-292-B report. The P-EBT program staff prepared the reconciliation of the CBMS summary report to the CFMS P-EBT benefits issued report and identified a variance. The variance was eventually resolved and the P-EBT program staff resubmitted the FNS-292-B report to the USDA; however P-EBT program staff did not communicate this error to the Department?s accounting team. As a result, the accounting team was unaware of the revision and, therefore, did not update the Exhibit K1 to reflect the reduction in federal expenditures. Overall, the Department did not have adequate internal controls, such as an appropriate supervisory review process or adequate communication plan, in place for Fiscal Year 2021 to ensure that the FNS-292-B report was prepared accurately, that the Exhibit K1 was completed in accordance with the instructions provided by the OSC, and that the FNS-292-B and Exhibit K1 were reviewed for accuracy and compared to the underlying data. For the Grant program error, Department staff indicated that these funds were incorrectly identified and coded as subrecipient expenditures in CORE, which caused them to be incorrectly reported as such on the Exhibit K1. When the expenditures were initially posted in CORE, they were not adequately reviewed to determine if they were subrecipient or direct expenditures. Why do these problems matter? By failing to properly report grant expenditures to the federal government and the OSC, who ultimately then fails to properly report expenditures to the federal government on the State?s SEFA, the Department is out of compliance with federal and state reporting requirements and risks federal sanctions. In addition, because the error resulted in the Department misstating its federal expenditure results for the fiscal year, federal staff and taxpayers have an incorrect or unreliable picture of the P-EBT grant?s overall status. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2021-060 The Department of Human Services (Department) should strengthen its internal controls over the preparation of federal reports and the Exhibit K1, Schedule of Federal Assistance, by: A. Strengthening its internal controls over its monthly Pandemic Electronic Benefit Transfer Food Benefits (P-EBT) reporting to ensure its reporting is accurate and goes through supervisory review. B. Improving communication between program and accounting staff to ensure the Exhibit K1 is accurately updated when errors in federal reporting are identified and resolved. C. Improving the supervisory review process over the Exhibit K1 and the federal expenditures entered in the Colorado Operations Resource Engine (CORE), the state?s accounting system, to ensure expenditures are coded correctly as direct or subrecipient expenditures and that, ultimately, the Exhibit K1 is accurate and complete. Response Department of Human Services A. Agree Implementation Date: July 2022 CDHS agrees to enhance internal controls over monthly P-EBT reporting to better ensure accuracy. P-EBT is a new program derived from pandemic funding. Being a new program with a lack of federal guidance at implementation, and urgency to get the funds disbursed program staff had to learn about the nuances of the program and the reporting requirements as it was being implemented. During implementation we recognized that there are some inherent differences with P-EBT from other benefit programs which caused processes to have to be adjusted slightly. Additionally, timing of federal report filing for the P-EBT program is not in synch with our other processes and associated federal reporting requirements and deadlines. This makes it impossible to ensure reconciliation procedures are performed before filing occurs, which is one of our typical internal controls. As a compensating internal control CDHS will ensure that supervisory review processes are performed over P-EBT reporting, and that P-EBT reporting is reconciled to other sources (CBMS and CFMS) as soon as possible after reporting is available. If changes are discovered CDHS will make adjustments to filed P-EBT reports as needed based on reconciliation findings, and communicate changes to necessary parties. B. Agree Implementation Date: July 2022 CDHS will work to ensure better coordination between program activities and the accounting section relating to federal reporting changes. Accounting will iterate the importance of timely informing the accounting staff when changes are made to program filed federal reports. This message will be delivered in periodic fiscal meetings and identified on the closing calendar. The P-EBT program will ensure that corrections are communicated to accounting on any updates completed on the FNS-292-B report upon discovery, and no later than 30 days after the reporting period. C. Agree Implementation Date: July 2022 CDHS will ensure that review and approval processes are occurring as designed at various points in the process leading up to entry into CORE. As part of the Requisition (RQS) approval process program and accounting staff independently approve that the correct direct or subrecipient object code is used. These approved RQS transactions are then transitioned into encumbrance documents that drive which object code future expenditures will be booked to. For CCDF transactions related to this finding, both the OEC and Accounting teams inadvertently approved an incorrect object code in 4 RQS's. Staffing shortages coupled with a large increase in workload related to pandemic funding contributed to this oversight. To correct OEC and Accounting will train new staff, periodically familiarize themselves with the appropriate object codes, and perform quality assurance review over object codes before applying approval in CORE. The K1 is compiled from balances derived from expenditure data recorded in CORE. The compilation of the K1 relies on the fact that expenditure balances are accurate, and that prior reviews and approvals of individual transactions have occurred as designed. The K1 currently goes through various levels of review focusing on balance level validation coupled with analytical procedures. To enhance the review process, CDHS will ensure analytical procedures include line level expenditure comparison at the direct and subrecipient levels.
The following findings and recommendations relating to internal control deficiencies classified as Material Weaknesses were communicated to the Department in the previous year and have not been remediated as of June 30, 2022 because the original implementation dates provided by the Department were in a subsequent fiscal year. These complete findings and recommendations can be found within the original report and the complete recommendations can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Finding 2021-059 Federal Funding Accountability and Transparency Act The Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) was created to empower Americans with the ability to hold the government accountable for each spending decision and, as a result, to reduce wasteful spending by the government. The Transparency Act requires the federal government to make certain information on federal awards available to the public. The Department is required to report information about subgrants, or subawards, given to other governments or to nonprofit organizations, also referred to as subrecipients. Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the Department, to an entity to carry out part of a Federal grant award received by the pass-through entity. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? The Department is required to file FFATA reports through the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Once the Department submits a report to FSRS, the public can view certain information from the report, including the subrecipient?s name, subaward identification number, subaward obligation/action date, subaward amount, federal awarding agency and subagency, the Department?s name, and the Department?s grant award identification number. The Department?s required FFATA reports for Fiscal Year 2021 included information on the Low-Income Home Energy Assistance (LIHEAP), COVID-19 ? Low-Income Home Energy Assistance [ALN 93.568]; the Child Care and Development Fund (CCDF) Cluster, consisting of the Child Care and Development Block Grant [ALN 93.575], and Child Care Mandatory and Matching Funds of the Child Care and Development Fund [ALN 93.596]; and the Block Grant for Prevention and Treatment of Substance Abuse (Substance Abuse), COVID-19 ? Block Grant for Prevention and Treatment of Substance Abuse [ALN 93.959]. FFATA reporting was required for the Department because the Department passed through funds to one or more subrecipients for each of the three programs in excess of $30,000, as follows: LIHEAP funds to one subrecipient, CCDF funds to nine subrecipients, and Substance Abuse funds to seven subrecipients for Fiscal Year 2021. What was the purpose of our audit work and what work was performed? The purpose of our audit work was to evaluate the Department?s internal controls over the FFATA reporting and to determine whether the Department correctly reported its subawards to the FSRS during Fiscal Year 2021. Based on our audit testwork, we reviewed the Department?s subawards and related federal expenditures in Fiscal Year 2021 to determine if there was FFATA reporting that was completed within the month following the month the subaward was made, as required. We compared amounts reported by the Department for subawards in FSRS to the underlying financial records reported in the Colorado Operations Resource Engine (CORE), the state?s accounting system, for the LIHEAP, CCDF, and Substance Abuse programs and inquired about any differences. In addition, we made inquiries of Department staff regarding its internal control processes over the FFATA reporting, including supervisory reviews. We reviewed the following number of subrecipient samples within each program for their internal control over compliance and compliance with FFATA reporting standards: LIHEAP had one sample, CCDF had five samples, and Substance Abuse had five samples. We reviewed the FFATA reports within FSRS for each subrecipient selected for testing to determine if the FFATA report was made in a timely manner in accordance with federal regulations and contained all of the required key data elements. How were the results of the audit work measured? In accordance with federal regulations [2 CFR 170], direct recipients of grants are required to report subawards of $30,000 or more to FSRS by the end of the month following the month in which the award was made. If the Department makes additional subawards greater than or equal to $30,000 under that same subaward at a later date or makes a supplemental award that increases an existing award to greater than or equal to $30,000, it must file additional FFATA reports to reflect the new or amended subaward. If the subaward does not change, no additional reporting is required. The FFATA reports are required to include the following key data elements: subrecipient name, subrecipient DUNS number, amount of subaward, subaward obligation/action date, date of report submission, subaward number, subaward project description, and subrecipient names and compensation of highly compensated officers. The Department?s program staff are responsible for understanding FFATA reporting requirements related to their programs, and providing key data elements for subrecipients at the point that funds are obligated. When program staff determine that the Department is making a subaward that requires FFATA reporting, program staff are required to report these key data elements in eClearance, an approval workflow and document depository system utilized by the Department in their purchasing process. Guidance for the FFATA reporting is included within the Department?s FFATA Quick Reference Guide that is made available to the program staff. Program staff enter the subaward information into eClearance via an online form called a Requisition eForm (eForm), which goes through an approval process and is then routed to the Department?s Purchasing and Contracts unit to process the purchase request that translates into an obligation of an award for subrecipients. Once the eForm is completed processing in eClearance, it is archived in the system and an automated query is run by the Department?s Business Technology Unit to export this data and it is automatically emailed to the Compliance Accounting team on a daily basis. Each day, the Department?s compliance accountant compiles the subaward data emailed to them that originated from eClearance into a daily report. At the end of the month, the compliance accountant combines the daily reports into a monthly summary and compares the monthly summary report to the daily reports to verify the summary report?s accuracy. The compliance accountant uses the information summarized within the monthly report to input the required FFATA information into FSRS, which ultimately is submitted as the required monthly FFATA report. What problems did the audit work identify? Based on our audit testwork, we determined that the Department did not report its subawards in FSRS for any of the three federal grant programs we tested for Fiscal Year 2021: the LIHEAP, CCDF, and Substance Abuse programs. In total, for the three programs, the Department failed to report subawards totaling $5.77 million (approximately $3.04 million for LIHEAP, approximately $861 thousand for CCDF, and approximately $1.87 million for Substance Abuse). The following tables summarize the results of our testing and groups each exception within the following categories: subaward not reported, report not timely, subaward amount incorrect, and subaward missing key elements. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Why did these problems occur? The Department does not have adequate internal controls over the FFATA reporting. Specifically, the Department has not validated the automated process to compile the data needed for the FFATA reports. In addition, the Department has not implemented a supervisory review process of the final FFATA report data that is used to submit the FFATA report via FSRS. We determined that automated reports generated did not include the full population of data needed to compile the FFATA reports. Based on test work, we found that program staff entered key data elements needed for FFATA reporting correctly into the eForm during the purchasing process, and that accounting staff used the data provided in the reports received to complete the FFATA reporting in FSRS. However, the data exported from eClearance and sent to accounting to compile the FFATA reports did not contain all of the population needed for reporting. Thus, accounting was using data that was not complete in the FFATA reporting to FSRS, but was unaware that the data was not complete. Further, when there was incomplete information in the data received, the compliance accountant failed to follow up with the various program staff to obtain the necessary information and input it into and submit it through FSRS. Why do these problems matter? By failing to properly report subawards to FSRS, the Department is out of compliance with federal reporting requirements and risks federal sanctions. In addition, information submitted via the FSRS is made publicly available at https://www.usaspending.gov/search; excluding the information could be misleading to the public and fails to meet the federal intent of transparency for federal program spending. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2021-059 The Department of Human Service (Department) should strengthen its internal controls over the Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) reporting by: A. Correcting the automated reporting process from eClearance to ensure that data compiled for Transparency Act reporting contains all relevant data. B. Developing and implementing procedures to validate that data derived from eClearance reports and ultimately used to compile Transparency Act reporting is complete and accurate by reviewing the population from an alternate source, such as the Colorado Operations Resource Engine. C. Improving the Department?s supervisory review process to provide for a complete and thorough review of the final FFATA report data that the Department will report within the Federal Funding Accountability and Transparency Act Subaward Reporting System. This process should include taking steps to ensure the compliance accountant follows up with the program staff if the necessary information is not input into eClearance, so that it can be obtained and reported accurately and timely. Response Department of Human Services A. Agree Implementation Date: July 2022 CDHS agrees that it needs to it needs to correct the automated reporting process from the eClearance system used to gather data needed for our FFATA reporting. The department thought that the reports obtained from eClearance were complete and relied on them as the basis of our reporting. Upon investigation we found that an internal process change enacted during the implementation of another system at the start of the pandemic was the cause of the data discrepancy. This occurred because the new system made the routing in eClearance after a certain point unnecessary for internal processing so this stopped. It was unkown that this further routing to archive files in eClearance was the trigger for eClearance to push out FFATA report data. Since the department has been able to identify the cause we are able to immediately remedy the problem and ensure that all processes are in sync to ensure accurate and complete FFATA data is contained in automated reporting processes. The department will catch up on FFATA reporting that was missed during this time frame. B. Agree Implementation Date: July 2022 The department agrees that it needs to implement procedures to validate that data derived from automated processes used as a basis for FFATA reporting should be periodically validated against another data source. To do this the department will create and implement procedures to use CORE reports of encumbrance data referencing subrecipient object codes and tie this to information received from the automated eClearance report. Doing this will validate that the data provided from eClearance is a complete listing of all FFATA reportable subrecipient awards, and thus is a valid source to base FFATA reporting on. This will also help us monitor the process in case any future inadvertent changes are made to processes that could cause data validity issues. C. Agree Implementation Date: July 2022 CDHS agrees that a supervisory review is needed over the FFATA reporting process in order to ensure more consistency, accuracy and timeliness in reporting processes and standards. The department is currently developing procedures that will allow for more oversight of the FFATA reporting through supervisory reviews and cross training staff on FFATA reporting duties. Supervisory reviews will help ensure that reporting is completed in line with reporting procedures and timeframes and can be a second set of eyes to ensure that information appears accurate and adds analytical judgement value (example - a supervisor might see that July typically has high volume, but this July volume is low, why). In addition, the department is taking this opportunity to cross train other staff on the process so that more individuals can be involved which leads to more transparency over processes allowing various individuals to notice if something isn't working as designed. These new procedures are being developed and implemented as the department catches up on reporting subrecipient awards that were missed since the automated process stopped working.
The following findings and recommendations relating to internal control deficiencies classified as Material Weaknesses were communicated to the Department in the previous year and have not been remediated as of June 30, 2022 because the original implementation dates provided by the Department were in a subsequent fiscal year. These complete findings and recommendations can be found within the original report and the complete recommendations can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Finding 2021-059 Federal Funding Accountability and Transparency Act The Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) was created to empower Americans with the ability to hold the government accountable for each spending decision and, as a result, to reduce wasteful spending by the government. The Transparency Act requires the federal government to make certain information on federal awards available to the public. The Department is required to report information about subgrants, or subawards, given to other governments or to nonprofit organizations, also referred to as subrecipients. Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the Department, to an entity to carry out part of a Federal grant award received by the pass-through entity. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? The Department is required to file FFATA reports through the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Once the Department submits a report to FSRS, the public can view certain information from the report, including the subrecipient?s name, subaward identification number, subaward obligation/action date, subaward amount, federal awarding agency and subagency, the Department?s name, and the Department?s grant award identification number. The Department?s required FFATA reports for Fiscal Year 2021 included information on the Low-Income Home Energy Assistance (LIHEAP), COVID-19 ? Low-Income Home Energy Assistance [ALN 93.568]; the Child Care and Development Fund (CCDF) Cluster, consisting of the Child Care and Development Block Grant [ALN 93.575], and Child Care Mandatory and Matching Funds of the Child Care and Development Fund [ALN 93.596]; and the Block Grant for Prevention and Treatment of Substance Abuse (Substance Abuse), COVID-19 ? Block Grant for Prevention and Treatment of Substance Abuse [ALN 93.959]. FFATA reporting was required for the Department because the Department passed through funds to one or more subrecipients for each of the three programs in excess of $30,000, as follows: LIHEAP funds to one subrecipient, CCDF funds to nine subrecipients, and Substance Abuse funds to seven subrecipients for Fiscal Year 2021. What was the purpose of our audit work and what work was performed? The purpose of our audit work was to evaluate the Department?s internal controls over the FFATA reporting and to determine whether the Department correctly reported its subawards to the FSRS during Fiscal Year 2021. Based on our audit testwork, we reviewed the Department?s subawards and related federal expenditures in Fiscal Year 2021 to determine if there was FFATA reporting that was completed within the month following the month the subaward was made, as required. We compared amounts reported by the Department for subawards in FSRS to the underlying financial records reported in the Colorado Operations Resource Engine (CORE), the state?s accounting system, for the LIHEAP, CCDF, and Substance Abuse programs and inquired about any differences. In addition, we made inquiries of Department staff regarding its internal control processes over the FFATA reporting, including supervisory reviews. We reviewed the following number of subrecipient samples within each program for their internal control over compliance and compliance with FFATA reporting standards: LIHEAP had one sample, CCDF had five samples, and Substance Abuse had five samples. We reviewed the FFATA reports within FSRS for each subrecipient selected for testing to determine if the FFATA report was made in a timely manner in accordance with federal regulations and contained all of the required key data elements. How were the results of the audit work measured? In accordance with federal regulations [2 CFR 170], direct recipients of grants are required to report subawards of $30,000 or more to FSRS by the end of the month following the month in which the award was made. If the Department makes additional subawards greater than or equal to $30,000 under that same subaward at a later date or makes a supplemental award that increases an existing award to greater than or equal to $30,000, it must file additional FFATA reports to reflect the new or amended subaward. If the subaward does not change, no additional reporting is required. The FFATA reports are required to include the following key data elements: subrecipient name, subrecipient DUNS number, amount of subaward, subaward obligation/action date, date of report submission, subaward number, subaward project description, and subrecipient names and compensation of highly compensated officers. The Department?s program staff are responsible for understanding FFATA reporting requirements related to their programs, and providing key data elements for subrecipients at the point that funds are obligated. When program staff determine that the Department is making a subaward that requires FFATA reporting, program staff are required to report these key data elements in eClearance, an approval workflow and document depository system utilized by the Department in their purchasing process. Guidance for the FFATA reporting is included within the Department?s FFATA Quick Reference Guide that is made available to the program staff. Program staff enter the subaward information into eClearance via an online form called a Requisition eForm (eForm), which goes through an approval process and is then routed to the Department?s Purchasing and Contracts unit to process the purchase request that translates into an obligation of an award for subrecipients. Once the eForm is completed processing in eClearance, it is archived in the system and an automated query is run by the Department?s Business Technology Unit to export this data and it is automatically emailed to the Compliance Accounting team on a daily basis. Each day, the Department?s compliance accountant compiles the subaward data emailed to them that originated from eClearance into a daily report. At the end of the month, the compliance accountant combines the daily reports into a monthly summary and compares the monthly summary report to the daily reports to verify the summary report?s accuracy. The compliance accountant uses the information summarized within the monthly report to input the required FFATA information into FSRS, which ultimately is submitted as the required monthly FFATA report. What problems did the audit work identify? Based on our audit testwork, we determined that the Department did not report its subawards in FSRS for any of the three federal grant programs we tested for Fiscal Year 2021: the LIHEAP, CCDF, and Substance Abuse programs. In total, for the three programs, the Department failed to report subawards totaling $5.77 million (approximately $3.04 million for LIHEAP, approximately $861 thousand for CCDF, and approximately $1.87 million for Substance Abuse). The following tables summarize the results of our testing and groups each exception within the following categories: subaward not reported, report not timely, subaward amount incorrect, and subaward missing key elements. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Why did these problems occur? The Department does not have adequate internal controls over the FFATA reporting. Specifically, the Department has not validated the automated process to compile the data needed for the FFATA reports. In addition, the Department has not implemented a supervisory review process of the final FFATA report data that is used to submit the FFATA report via FSRS. We determined that automated reports generated did not include the full population of data needed to compile the FFATA reports. Based on test work, we found that program staff entered key data elements needed for FFATA reporting correctly into the eForm during the purchasing process, and that accounting staff used the data provided in the reports received to complete the FFATA reporting in FSRS. However, the data exported from eClearance and sent to accounting to compile the FFATA reports did not contain all of the population needed for reporting. Thus, accounting was using data that was not complete in the FFATA reporting to FSRS, but was unaware that the data was not complete. Further, when there was incomplete information in the data received, the compliance accountant failed to follow up with the various program staff to obtain the necessary information and input it into and submit it through FSRS. Why do these problems matter? By failing to properly report subawards to FSRS, the Department is out of compliance with federal reporting requirements and risks federal sanctions. In addition, information submitted via the FSRS is made publicly available at https://www.usaspending.gov/search; excluding the information could be misleading to the public and fails to meet the federal intent of transparency for federal program spending. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2021-059 The Department of Human Service (Department) should strengthen its internal controls over the Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) reporting by: A. Correcting the automated reporting process from eClearance to ensure that data compiled for Transparency Act reporting contains all relevant data. B. Developing and implementing procedures to validate that data derived from eClearance reports and ultimately used to compile Transparency Act reporting is complete and accurate by reviewing the population from an alternate source, such as the Colorado Operations Resource Engine. C. Improving the Department?s supervisory review process to provide for a complete and thorough review of the final FFATA report data that the Department will report within the Federal Funding Accountability and Transparency Act Subaward Reporting System. This process should include taking steps to ensure the compliance accountant follows up with the program staff if the necessary information is not input into eClearance, so that it can be obtained and reported accurately and timely. Response Department of Human Services A. Agree Implementation Date: July 2022 CDHS agrees that it needs to it needs to correct the automated reporting process from the eClearance system used to gather data needed for our FFATA reporting. The department thought that the reports obtained from eClearance were complete and relied on them as the basis of our reporting. Upon investigation we found that an internal process change enacted during the implementation of another system at the start of the pandemic was the cause of the data discrepancy. This occurred because the new system made the routing in eClearance after a certain point unnecessary for internal processing so this stopped. It was unkown that this further routing to archive files in eClearance was the trigger for eClearance to push out FFATA report data. Since the department has been able to identify the cause we are able to immediately remedy the problem and ensure that all processes are in sync to ensure accurate and complete FFATA data is contained in automated reporting processes. The department will catch up on FFATA reporting that was missed during this time frame. B. Agree Implementation Date: July 2022 The department agrees that it needs to implement procedures to validate that data derived from automated processes used as a basis for FFATA reporting should be periodically validated against another data source. To do this the department will create and implement procedures to use CORE reports of encumbrance data referencing subrecipient object codes and tie this to information received from the automated eClearance report. Doing this will validate that the data provided from eClearance is a complete listing of all FFATA reportable subrecipient awards, and thus is a valid source to base FFATA reporting on. This will also help us monitor the process in case any future inadvertent changes are made to processes that could cause data validity issues. C. Agree Implementation Date: July 2022 CDHS agrees that a supervisory review is needed over the FFATA reporting process in order to ensure more consistency, accuracy and timeliness in reporting processes and standards. The department is currently developing procedures that will allow for more oversight of the FFATA reporting through supervisory reviews and cross training staff on FFATA reporting duties. Supervisory reviews will help ensure that reporting is completed in line with reporting procedures and timeframes and can be a second set of eyes to ensure that information appears accurate and adds analytical judgement value (example - a supervisor might see that July typically has high volume, but this July volume is low, why). In addition, the department is taking this opportunity to cross train other staff on the process so that more individuals can be involved which leads to more transparency over processes allowing various individuals to notice if something isn't working as designed. These new procedures are being developed and implemented as the department catches up on reporting subrecipient awards that were missed since the automated process stopped working.
The following findings and recommendations relating to internal control deficiencies classified as Material Weaknesses were communicated to the Department in the previous year and have not been remediated as of June 30, 2022 because the original implementation dates provided by the Department were in a subsequent fiscal year. These complete findings and recommendations can be found within the original report and the complete recommendations can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Finding 2021-059 Federal Funding Accountability and Transparency Act The Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) was created to empower Americans with the ability to hold the government accountable for each spending decision and, as a result, to reduce wasteful spending by the government. The Transparency Act requires the federal government to make certain information on federal awards available to the public. The Department is required to report information about subgrants, or subawards, given to other governments or to nonprofit organizations, also referred to as subrecipients. Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the Department, to an entity to carry out part of a Federal grant award received by the pass-through entity. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? The Department is required to file FFATA reports through the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Once the Department submits a report to FSRS, the public can view certain information from the report, including the subrecipient?s name, subaward identification number, subaward obligation/action date, subaward amount, federal awarding agency and subagency, the Department?s name, and the Department?s grant award identification number. The Department?s required FFATA reports for Fiscal Year 2021 included information on the Low-Income Home Energy Assistance (LIHEAP), COVID-19 ? Low-Income Home Energy Assistance [ALN 93.568]; the Child Care and Development Fund (CCDF) Cluster, consisting of the Child Care and Development Block Grant [ALN 93.575], and Child Care Mandatory and Matching Funds of the Child Care and Development Fund [ALN 93.596]; and the Block Grant for Prevention and Treatment of Substance Abuse (Substance Abuse), COVID-19 ? Block Grant for Prevention and Treatment of Substance Abuse [ALN 93.959]. FFATA reporting was required for the Department because the Department passed through funds to one or more subrecipients for each of the three programs in excess of $30,000, as follows: LIHEAP funds to one subrecipient, CCDF funds to nine subrecipients, and Substance Abuse funds to seven subrecipients for Fiscal Year 2021. What was the purpose of our audit work and what work was performed? The purpose of our audit work was to evaluate the Department?s internal controls over the FFATA reporting and to determine whether the Department correctly reported its subawards to the FSRS during Fiscal Year 2021. Based on our audit testwork, we reviewed the Department?s subawards and related federal expenditures in Fiscal Year 2021 to determine if there was FFATA reporting that was completed within the month following the month the subaward was made, as required. We compared amounts reported by the Department for subawards in FSRS to the underlying financial records reported in the Colorado Operations Resource Engine (CORE), the state?s accounting system, for the LIHEAP, CCDF, and Substance Abuse programs and inquired about any differences. In addition, we made inquiries of Department staff regarding its internal control processes over the FFATA reporting, including supervisory reviews. We reviewed the following number of subrecipient samples within each program for their internal control over compliance and compliance with FFATA reporting standards: LIHEAP had one sample, CCDF had five samples, and Substance Abuse had five samples. We reviewed the FFATA reports within FSRS for each subrecipient selected for testing to determine if the FFATA report was made in a timely manner in accordance with federal regulations and contained all of the required key data elements. How were the results of the audit work measured? In accordance with federal regulations [2 CFR 170], direct recipients of grants are required to report subawards of $30,000 or more to FSRS by the end of the month following the month in which the award was made. If the Department makes additional subawards greater than or equal to $30,000 under that same subaward at a later date or makes a supplemental award that increases an existing award to greater than or equal to $30,000, it must file additional FFATA reports to reflect the new or amended subaward. If the subaward does not change, no additional reporting is required. The FFATA reports are required to include the following key data elements: subrecipient name, subrecipient DUNS number, amount of subaward, subaward obligation/action date, date of report submission, subaward number, subaward project description, and subrecipient names and compensation of highly compensated officers. The Department?s program staff are responsible for understanding FFATA reporting requirements related to their programs, and providing key data elements for subrecipients at the point that funds are obligated. When program staff determine that the Department is making a subaward that requires FFATA reporting, program staff are required to report these key data elements in eClearance, an approval workflow and document depository system utilized by the Department in their purchasing process. Guidance for the FFATA reporting is included within the Department?s FFATA Quick Reference Guide that is made available to the program staff. Program staff enter the subaward information into eClearance via an online form called a Requisition eForm (eForm), which goes through an approval process and is then routed to the Department?s Purchasing and Contracts unit to process the purchase request that translates into an obligation of an award for subrecipients. Once the eForm is completed processing in eClearance, it is archived in the system and an automated query is run by the Department?s Business Technology Unit to export this data and it is automatically emailed to the Compliance Accounting team on a daily basis. Each day, the Department?s compliance accountant compiles the subaward data emailed to them that originated from eClearance into a daily report. At the end of the month, the compliance accountant combines the daily reports into a monthly summary and compares the monthly summary report to the daily reports to verify the summary report?s accuracy. The compliance accountant uses the information summarized within the monthly report to input the required FFATA information into FSRS, which ultimately is submitted as the required monthly FFATA report. What problems did the audit work identify? Based on our audit testwork, we determined that the Department did not report its subawards in FSRS for any of the three federal grant programs we tested for Fiscal Year 2021: the LIHEAP, CCDF, and Substance Abuse programs. In total, for the three programs, the Department failed to report subawards totaling $5.77 million (approximately $3.04 million for LIHEAP, approximately $861 thousand for CCDF, and approximately $1.87 million for Substance Abuse). The following tables summarize the results of our testing and groups each exception within the following categories: subaward not reported, report not timely, subaward amount incorrect, and subaward missing key elements. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Why did these problems occur? The Department does not have adequate internal controls over the FFATA reporting. Specifically, the Department has not validated the automated process to compile the data needed for the FFATA reports. In addition, the Department has not implemented a supervisory review process of the final FFATA report data that is used to submit the FFATA report via FSRS. We determined that automated reports generated did not include the full population of data needed to compile the FFATA reports. Based on test work, we found that program staff entered key data elements needed for FFATA reporting correctly into the eForm during the purchasing process, and that accounting staff used the data provided in the reports received to complete the FFATA reporting in FSRS. However, the data exported from eClearance and sent to accounting to compile the FFATA reports did not contain all of the population needed for reporting. Thus, accounting was using data that was not complete in the FFATA reporting to FSRS, but was unaware that the data was not complete. Further, when there was incomplete information in the data received, the compliance accountant failed to follow up with the various program staff to obtain the necessary information and input it into and submit it through FSRS. Why do these problems matter? By failing to properly report subawards to FSRS, the Department is out of compliance with federal reporting requirements and risks federal sanctions. In addition, information submitted via the FSRS is made publicly available at https://www.usaspending.gov/search; excluding the information could be misleading to the public and fails to meet the federal intent of transparency for federal program spending. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2021-059 The Department of Human Service (Department) should strengthen its internal controls over the Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) reporting by: A. Correcting the automated reporting process from eClearance to ensure that data compiled for Transparency Act reporting contains all relevant data. B. Developing and implementing procedures to validate that data derived from eClearance reports and ultimately used to compile Transparency Act reporting is complete and accurate by reviewing the population from an alternate source, such as the Colorado Operations Resource Engine. C. Improving the Department?s supervisory review process to provide for a complete and thorough review of the final FFATA report data that the Department will report within the Federal Funding Accountability and Transparency Act Subaward Reporting System. This process should include taking steps to ensure the compliance accountant follows up with the program staff if the necessary information is not input into eClearance, so that it can be obtained and reported accurately and timely. Response Department of Human Services A. Agree Implementation Date: July 2022 CDHS agrees that it needs to it needs to correct the automated reporting process from the eClearance system used to gather data needed for our FFATA reporting. The department thought that the reports obtained from eClearance were complete and relied on them as the basis of our reporting. Upon investigation we found that an internal process change enacted during the implementation of another system at the start of the pandemic was the cause of the data discrepancy. This occurred because the new system made the routing in eClearance after a certain point unnecessary for internal processing so this stopped. It was unkown that this further routing to archive files in eClearance was the trigger for eClearance to push out FFATA report data. Since the department has been able to identify the cause we are able to immediately remedy the problem and ensure that all processes are in sync to ensure accurate and complete FFATA data is contained in automated reporting processes. The department will catch up on FFATA reporting that was missed during this time frame. B. Agree Implementation Date: July 2022 The department agrees that it needs to implement procedures to validate that data derived from automated processes used as a basis for FFATA reporting should be periodically validated against another data source. To do this the department will create and implement procedures to use CORE reports of encumbrance data referencing subrecipient object codes and tie this to information received from the automated eClearance report. Doing this will validate that the data provided from eClearance is a complete listing of all FFATA reportable subrecipient awards, and thus is a valid source to base FFATA reporting on. This will also help us monitor the process in case any future inadvertent changes are made to processes that could cause data validity issues. C. Agree Implementation Date: July 2022 CDHS agrees that a supervisory review is needed over the FFATA reporting process in order to ensure more consistency, accuracy and timeliness in reporting processes and standards. The department is currently developing procedures that will allow for more oversight of the FFATA reporting through supervisory reviews and cross training staff on FFATA reporting duties. Supervisory reviews will help ensure that reporting is completed in line with reporting procedures and timeframes and can be a second set of eyes to ensure that information appears accurate and adds analytical judgement value (example - a supervisor might see that July typically has high volume, but this July volume is low, why). In addition, the department is taking this opportunity to cross train other staff on the process so that more individuals can be involved which leads to more transparency over processes allowing various individuals to notice if something isn't working as designed. These new procedures are being developed and implemented as the department catches up on reporting subrecipient awards that were missed since the automated process stopped working.
The following findings and recommendations relating to internal control deficiencies classified as Material Weaknesses were communicated to the Department in the previous year and have not been remediated as of June 30, 2022 because the original implementation dates provided by the Department were in a subsequent fiscal year. These complete findings and recommendations can be found within the original report and the complete recommendations can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Finding 2021-060 Misreporting of Federal Expenditures for the COVID-19 ?Pandemic EBT Food Benefits and Child Care and Development Block Grant on the Exhibit K1 Each year, the Department is required to prepare an exhibit containing the Department?s federal expenditures and related reimbursements to aid the Colorado Office of the State Controller (OSC) in the preparation of the State?s Schedule of Expenditures of Federal Awards (SEFA); this exhibit is referred to as the Exhibit K1, Schedule of Federal Assistance. The Exhibit K1 should include expenditures for grants received directly from the federal government and expended by the Department (direct expenditures), as well as expenditures for federal grants passed through by the Department to other State and/or non-State agencies (subrecipient expenditures). The SEFA is to be presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) to show the State?s expenditures of federal awards during the fiscal year. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Annually, the Department prepares its Exhibit K1 by following a process documented in its program accounting manual. First, program accountants review and analyze information from CORE for the federal Assistance Listing Number (ALN)?s related to the programs they support. The program accountants complete this review using a CORE report that the Department created, pulling transaction detail level data by ALN. Once the reviews and analysis are complete, the program accountants enter the information on the Department?s Exhibit K1 template for the correlating ALN. After the exhibit is prepared, the Department?s program accounting manual requires that it goes through two levels of review for accuracy. Once these reviews are completed, the Department submits the final Exhibit K1 to the OSC. The Department is also separately required within its approved State Plan for the COVID-19 ? Pandemic EBT Food Benefits program [ALN 10.542] (P-EBT) to report its P-EBT federal expenditures to the U.S. Department of Agriculture (USDA) via the Report of Disaster Food Stamp Benefit Issuance (FNS-292-B). The Department is also required to support the financial expenditures reported on the FNS-292-B report with source data and files, which includes a P-EBT Summary report that is exported from the Colorado Benefits Management System (CBMS) and includes the number of eligible children, number of eligible households, and total amount paid in P-EBT benefits. The P-EBT summary report is then reconciled by the Department to the County Financial Management System (CFMS), where the counties? issuance of P-EBT program benefits is accumulated and reported. For Fiscal Year 2021, the Department administered more than 70 federal programs and expended approximately $2.4 billion in federal funds. The P-EBT program and Child Care and Development Block Grant (Grant) [ALN 93.575] were two of these federal programs administered by the Department during Fiscal Year 2021. The Department reported more than $292 million in federal expenditures for the P-EBT program and approximately $74 million in federal expenditures for the Grant in Fiscal Year 2021. What was the purpose of our audit work and what work was performed? The purpose of our audit work was to evaluate the Department?s internal controls over the preparation of its Exhibit K1 during Fiscal Year 2021 and to determine whether the Department correctly reported its Fiscal Year 2021 federal grant expenditures to the OSC on its Exhibit K1. The purpose of our audit work was also to evaluate the Department?s internal controls over the financial reporting to the USDA regarding the P-EBT program. As part of our audit testwork, we compared amounts reported by the Department for direct and subrecipient federal expenditures on its Fiscal Year 2021 Exhibit K1 to the underlying financial records in CORE for the Grant and P-EBT federal programs and inquired about any differences. In addition, we made inquiries of Department staff regarding its internal control processes over the Exhibit K1 preparation, including supervisory reviews. We also reviewed 4 out of 12 Fiscal Year 2021 monthly submissions to the USDA for the FNS-292-B reports and compared federal expenditure amounts reported by the Department to the underlying financial records in CORE. How were the results of the audit work measured? The OSC is required to present the State?s SEFA in accordance with the federal requirements of the Uniform Guidance to show the State?s expenditures of federal awards during the fiscal year. Federal regulations [2 CFR 200.38(b)] define a federal award as, ?The instrument setting forth the terms and conditions. The instrument is the grant agreement, cooperative agreement, other agreement for assistance?? Federal regulations [2 CFR 200.510(b)(3) and (4)] require that the SEFA must show both total federal awards expended for each individual federal program, the Assistance Listing Number, and the total amount passed through to subrecipients for each federal program. In order to prepare the SEFA, the OSC requires state departments to submit an Exhibit K1 to report expenditures, receipts, and receivables for each federal grant program administered by the Department during the fiscal year. The OSC?s exhibit instructions include guidelines for completing the Exhibit K1, including defining ?direct and indirect expenditures? as ?all monetary and non-monetary direct and indirect Federal award expenditures,? and ?pass-through expenditures? as ?the amount of all monetary and non-monetary Federal award amounts passed through to a subrecipient.? For the Department?s Grant federal program, subrecipients consist of counties, school districts, and health centers. State Fiscal Rule 1-2, Internal Controls, requires that state departments ?implement internal accounting and administrative controls that reasonably ensure that financial transactions are accurate, reliable, conform to state fiscal rules, and reflect the underlying realities of the accounting transaction (substance rather than form).? Federal regulations [7 CFR 274.4] require the Department to submit an FNS-292-B report in the format prescribed by the USDA with information detailing the P-EBT federal benefit payments. The Department is required to support the information in the report with its underlying records. The FNS-292-B report is identified as a required report within the Department?s State Plan that is approved by the USDA. What problems did the audit work identify? The Department overstated $63.5 million in P-EBT expenditures on its June 2021 FNS-292-B report to USDA that was submitted on August 30, 2021, as well as on the Department?s Exhibit K1 for Fiscal Year 2021. The Department subsequently identified that the FNS-292-B report was misstated and updated and resubmitted the report on September 28, 2021, approximately one month later. The Department, however, did not update its Exhibit K1 for Fiscal Year 2021 to correct the error, because the program staff did not notify the accounting team of the misstatement and need for Exhibit K1 correction. Based on our audit testwork, we also determined that the Department misreported $8.7 million in the Grant?s expenditures as subrecipient, rather than direct, expenditures on its Exhibit K1. Why did these problems occur? The P-EBT program staff did not notify the Department?s accounting team, who prepares the Exhibit K1, of a revision to the FNS-292-B report. The P-EBT program staff prepared the reconciliation of the CBMS summary report to the CFMS P-EBT benefits issued report and identified a variance. The variance was eventually resolved and the P-EBT program staff resubmitted the FNS-292-B report to the USDA; however P-EBT program staff did not communicate this error to the Department?s accounting team. As a result, the accounting team was unaware of the revision and, therefore, did not update the Exhibit K1 to reflect the reduction in federal expenditures. Overall, the Department did not have adequate internal controls, such as an appropriate supervisory review process or adequate communication plan, in place for Fiscal Year 2021 to ensure that the FNS-292-B report was prepared accurately, that the Exhibit K1 was completed in accordance with the instructions provided by the OSC, and that the FNS-292-B and Exhibit K1 were reviewed for accuracy and compared to the underlying data. For the Grant program error, Department staff indicated that these funds were incorrectly identified and coded as subrecipient expenditures in CORE, which caused them to be incorrectly reported as such on the Exhibit K1. When the expenditures were initially posted in CORE, they were not adequately reviewed to determine if they were subrecipient or direct expenditures. Why do these problems matter? By failing to properly report grant expenditures to the federal government and the OSC, who ultimately then fails to properly report expenditures to the federal government on the State?s SEFA, the Department is out of compliance with federal and state reporting requirements and risks federal sanctions. In addition, because the error resulted in the Department misstating its federal expenditure results for the fiscal year, federal staff and taxpayers have an incorrect or unreliable picture of the P-EBT grant?s overall status. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2021-060 The Department of Human Services (Department) should strengthen its internal controls over the preparation of federal reports and the Exhibit K1, Schedule of Federal Assistance, by: A. Strengthening its internal controls over its monthly Pandemic Electronic Benefit Transfer Food Benefits (P-EBT) reporting to ensure its reporting is accurate and goes through supervisory review. B. Improving communication between program and accounting staff to ensure the Exhibit K1 is accurately updated when errors in federal reporting are identified and resolved. C. Improving the supervisory review process over the Exhibit K1 and the federal expenditures entered in the Colorado Operations Resource Engine (CORE), the state?s accounting system, to ensure expenditures are coded correctly as direct or subrecipient expenditures and that, ultimately, the Exhibit K1 is accurate and complete. Response Department of Human Services A. Agree Implementation Date: July 2022 CDHS agrees to enhance internal controls over monthly P-EBT reporting to better ensure accuracy. P-EBT is a new program derived from pandemic funding. Being a new program with a lack of federal guidance at implementation, and urgency to get the funds disbursed program staff had to learn about the nuances of the program and the reporting requirements as it was being implemented. During implementation we recognized that there are some inherent differences with P-EBT from other benefit programs which caused processes to have to be adjusted slightly. Additionally, timing of federal report filing for the P-EBT program is not in synch with our other processes and associated federal reporting requirements and deadlines. This makes it impossible to ensure reconciliation procedures are performed before filing occurs, which is one of our typical internal controls. As a compensating internal control CDHS will ensure that supervisory review processes are performed over P-EBT reporting, and that P-EBT reporting is reconciled to other sources (CBMS and CFMS) as soon as possible after reporting is available. If changes are discovered CDHS will make adjustments to filed P-EBT reports as needed based on reconciliation findings, and communicate changes to necessary parties. B. Agree Implementation Date: July 2022 CDHS will work to ensure better coordination between program activities and the accounting section relating to federal reporting changes. Accounting will iterate the importance of timely informing the accounting staff when changes are made to program filed federal reports. This message will be delivered in periodic fiscal meetings and identified on the closing calendar. The P-EBT program will ensure that corrections are communicated to accounting on any updates completed on the FNS-292-B report upon discovery, and no later than 30 days after the reporting period. C. Agree Implementation Date: July 2022 CDHS will ensure that review and approval processes are occurring as designed at various points in the process leading up to entry into CORE. As part of the Requisition (RQS) approval process program and accounting staff independently approve that the correct direct or subrecipient object code is used. These approved RQS transactions are then transitioned into encumbrance documents that drive which object code future expenditures will be booked to. For CCDF transactions related to this finding, both the OEC and Accounting teams inadvertently approved an incorrect object code in 4 RQS's. Staffing shortages coupled with a large increase in workload related to pandemic funding contributed to this oversight. To correct OEC and Accounting will train new staff, periodically familiarize themselves with the appropriate object codes, and perform quality assurance review over object codes before applying approval in CORE. The K1 is compiled from balances derived from expenditure data recorded in CORE. The compilation of the K1 relies on the fact that expenditure balances are accurate, and that prior reviews and approvals of individual transactions have occurred as designed. The K1 currently goes through various levels of review focusing on balance level validation coupled with analytical procedures. To enhance the review process, CDHS will ensure analytical procedures include line level expenditure comparison at the direct and subrecipient levels.
The following findings and recommendations relating to internal control deficiencies classified as Material Weaknesses were communicated to the Department in the previous year and have not been remediated as of June 30, 2022 because the original implementation dates provided by the Department were in a subsequent fiscal year. These complete findings and recommendations can be found within the original report and the complete recommendations can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Finding 2021-059 Federal Funding Accountability and Transparency Act The Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) was created to empower Americans with the ability to hold the government accountable for each spending decision and, as a result, to reduce wasteful spending by the government. The Transparency Act requires the federal government to make certain information on federal awards available to the public. The Department is required to report information about subgrants, or subawards, given to other governments or to nonprofit organizations, also referred to as subrecipients. Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the Department, to an entity to carry out part of a Federal grant award received by the pass-through entity. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? The Department is required to file FFATA reports through the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Once the Department submits a report to FSRS, the public can view certain information from the report, including the subrecipient?s name, subaward identification number, subaward obligation/action date, subaward amount, federal awarding agency and subagency, the Department?s name, and the Department?s grant award identification number. The Department?s required FFATA reports for Fiscal Year 2021 included information on the Low-Income Home Energy Assistance (LIHEAP), COVID-19 ? Low-Income Home Energy Assistance [ALN 93.568]; the Child Care and Development Fund (CCDF) Cluster, consisting of the Child Care and Development Block Grant [ALN 93.575], and Child Care Mandatory and Matching Funds of the Child Care and Development Fund [ALN 93.596]; and the Block Grant for Prevention and Treatment of Substance Abuse (Substance Abuse), COVID-19 ? Block Grant for Prevention and Treatment of Substance Abuse [ALN 93.959]. FFATA reporting was required for the Department because the Department passed through funds to one or more subrecipients for each of the three programs in excess of $30,000, as follows: LIHEAP funds to one subrecipient, CCDF funds to nine subrecipients, and Substance Abuse funds to seven subrecipients for Fiscal Year 2021. What was the purpose of our audit work and what work was performed? The purpose of our audit work was to evaluate the Department?s internal controls over the FFATA reporting and to determine whether the Department correctly reported its subawards to the FSRS during Fiscal Year 2021. Based on our audit testwork, we reviewed the Department?s subawards and related federal expenditures in Fiscal Year 2021 to determine if there was FFATA reporting that was completed within the month following the month the subaward was made, as required. We compared amounts reported by the Department for subawards in FSRS to the underlying financial records reported in the Colorado Operations Resource Engine (CORE), the state?s accounting system, for the LIHEAP, CCDF, and Substance Abuse programs and inquired about any differences. In addition, we made inquiries of Department staff regarding its internal control processes over the FFATA reporting, including supervisory reviews. We reviewed the following number of subrecipient samples within each program for their internal control over compliance and compliance with FFATA reporting standards: LIHEAP had one sample, CCDF had five samples, and Substance Abuse had five samples. We reviewed the FFATA reports within FSRS for each subrecipient selected for testing to determine if the FFATA report was made in a timely manner in accordance with federal regulations and contained all of the required key data elements. How were the results of the audit work measured? In accordance with federal regulations [2 CFR 170], direct recipients of grants are required to report subawards of $30,000 or more to FSRS by the end of the month following the month in which the award was made. If the Department makes additional subawards greater than or equal to $30,000 under that same subaward at a later date or makes a supplemental award that increases an existing award to greater than or equal to $30,000, it must file additional FFATA reports to reflect the new or amended subaward. If the subaward does not change, no additional reporting is required. The FFATA reports are required to include the following key data elements: subrecipient name, subrecipient DUNS number, amount of subaward, subaward obligation/action date, date of report submission, subaward number, subaward project description, and subrecipient names and compensation of highly compensated officers. The Department?s program staff are responsible for understanding FFATA reporting requirements related to their programs, and providing key data elements for subrecipients at the point that funds are obligated. When program staff determine that the Department is making a subaward that requires FFATA reporting, program staff are required to report these key data elements in eClearance, an approval workflow and document depository system utilized by the Department in their purchasing process. Guidance for the FFATA reporting is included within the Department?s FFATA Quick Reference Guide that is made available to the program staff. Program staff enter the subaward information into eClearance via an online form called a Requisition eForm (eForm), which goes through an approval process and is then routed to the Department?s Purchasing and Contracts unit to process the purchase request that translates into an obligation of an award for subrecipients. Once the eForm is completed processing in eClearance, it is archived in the system and an automated query is run by the Department?s Business Technology Unit to export this data and it is automatically emailed to the Compliance Accounting team on a daily basis. Each day, the Department?s compliance accountant compiles the subaward data emailed to them that originated from eClearance into a daily report. At the end of the month, the compliance accountant combines the daily reports into a monthly summary and compares the monthly summary report to the daily reports to verify the summary report?s accuracy. The compliance accountant uses the information summarized within the monthly report to input the required FFATA information into FSRS, which ultimately is submitted as the required monthly FFATA report. What problems did the audit work identify? Based on our audit testwork, we determined that the Department did not report its subawards in FSRS for any of the three federal grant programs we tested for Fiscal Year 2021: the LIHEAP, CCDF, and Substance Abuse programs. In total, for the three programs, the Department failed to report subawards totaling $5.77 million (approximately $3.04 million for LIHEAP, approximately $861 thousand for CCDF, and approximately $1.87 million for Substance Abuse). The following tables summarize the results of our testing and groups each exception within the following categories: subaward not reported, report not timely, subaward amount incorrect, and subaward missing key elements. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Why did these problems occur? The Department does not have adequate internal controls over the FFATA reporting. Specifically, the Department has not validated the automated process to compile the data needed for the FFATA reports. In addition, the Department has not implemented a supervisory review process of the final FFATA report data that is used to submit the FFATA report via FSRS. We determined that automated reports generated did not include the full population of data needed to compile the FFATA reports. Based on test work, we found that program staff entered key data elements needed for FFATA reporting correctly into the eForm during the purchasing process, and that accounting staff used the data provided in the reports received to complete the FFATA reporting in FSRS. However, the data exported from eClearance and sent to accounting to compile the FFATA reports did not contain all of the population needed for reporting. Thus, accounting was using data that was not complete in the FFATA reporting to FSRS, but was unaware that the data was not complete. Further, when there was incomplete information in the data received, the compliance accountant failed to follow up with the various program staff to obtain the necessary information and input it into and submit it through FSRS. Why do these problems matter? By failing to properly report subawards to FSRS, the Department is out of compliance with federal reporting requirements and risks federal sanctions. In addition, information submitted via the FSRS is made publicly available at https://www.usaspending.gov/search; excluding the information could be misleading to the public and fails to meet the federal intent of transparency for federal program spending. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2021-059 The Department of Human Service (Department) should strengthen its internal controls over the Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) reporting by: A. Correcting the automated reporting process from eClearance to ensure that data compiled for Transparency Act reporting contains all relevant data. B. Developing and implementing procedures to validate that data derived from eClearance reports and ultimately used to compile Transparency Act reporting is complete and accurate by reviewing the population from an alternate source, such as the Colorado Operations Resource Engine. C. Improving the Department?s supervisory review process to provide for a complete and thorough review of the final FFATA report data that the Department will report within the Federal Funding Accountability and Transparency Act Subaward Reporting System. This process should include taking steps to ensure the compliance accountant follows up with the program staff if the necessary information is not input into eClearance, so that it can be obtained and reported accurately and timely. Response Department of Human Services A. Agree Implementation Date: July 2022 CDHS agrees that it needs to it needs to correct the automated reporting process from the eClearance system used to gather data needed for our FFATA reporting. The department thought that the reports obtained from eClearance were complete and relied on them as the basis of our reporting. Upon investigation we found that an internal process change enacted during the implementation of another system at the start of the pandemic was the cause of the data discrepancy. This occurred because the new system made the routing in eClearance after a certain point unnecessary for internal processing so this stopped. It was unkown that this further routing to archive files in eClearance was the trigger for eClearance to push out FFATA report data. Since the department has been able to identify the cause we are able to immediately remedy the problem and ensure that all processes are in sync to ensure accurate and complete FFATA data is contained in automated reporting processes. The department will catch up on FFATA reporting that was missed during this time frame. B. Agree Implementation Date: July 2022 The department agrees that it needs to implement procedures to validate that data derived from automated processes used as a basis for FFATA reporting should be periodically validated against another data source. To do this the department will create and implement procedures to use CORE reports of encumbrance data referencing subrecipient object codes and tie this to information received from the automated eClearance report. Doing this will validate that the data provided from eClearance is a complete listing of all FFATA reportable subrecipient awards, and thus is a valid source to base FFATA reporting on. This will also help us monitor the process in case any future inadvertent changes are made to processes that could cause data validity issues. C. Agree Implementation Date: July 2022 CDHS agrees that a supervisory review is needed over the FFATA reporting process in order to ensure more consistency, accuracy and timeliness in reporting processes and standards. The department is currently developing procedures that will allow for more oversight of the FFATA reporting through supervisory reviews and cross training staff on FFATA reporting duties. Supervisory reviews will help ensure that reporting is completed in line with reporting procedures and timeframes and can be a second set of eyes to ensure that information appears accurate and adds analytical judgement value (example - a supervisor might see that July typically has high volume, but this July volume is low, why). In addition, the department is taking this opportunity to cross train other staff on the process so that more individuals can be involved which leads to more transparency over processes allowing various individuals to notice if something isn't working as designed. These new procedures are being developed and implemented as the department catches up on reporting subrecipient awards that were missed since the automated process stopped working.
The following findings and recommendations relating to internal control deficiencies classified as Material Weaknesses were communicated to the Department in the previous year and have not been remediated as of June 30, 2022 because the original implementation dates provided by the Department were in a subsequent fiscal year. These complete findings and recommendations can be found within the original report and the complete recommendations can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Finding 2021-060 Misreporting of Federal Expenditures for the COVID-19 ?Pandemic EBT Food Benefits and Child Care and Development Block Grant on the Exhibit K1 Each year, the Department is required to prepare an exhibit containing the Department?s federal expenditures and related reimbursements to aid the Colorado Office of the State Controller (OSC) in the preparation of the State?s Schedule of Expenditures of Federal Awards (SEFA); this exhibit is referred to as the Exhibit K1, Schedule of Federal Assistance. The Exhibit K1 should include expenditures for grants received directly from the federal government and expended by the Department (direct expenditures), as well as expenditures for federal grants passed through by the Department to other State and/or non-State agencies (subrecipient expenditures). The SEFA is to be presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) to show the State?s expenditures of federal awards during the fiscal year. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Annually, the Department prepares its Exhibit K1 by following a process documented in its program accounting manual. First, program accountants review and analyze information from CORE for the federal Assistance Listing Number (ALN)?s related to the programs they support. The program accountants complete this review using a CORE report that the Department created, pulling transaction detail level data by ALN. Once the reviews and analysis are complete, the program accountants enter the information on the Department?s Exhibit K1 template for the correlating ALN. After the exhibit is prepared, the Department?s program accounting manual requires that it goes through two levels of review for accuracy. Once these reviews are completed, the Department submits the final Exhibit K1 to the OSC. The Department is also separately required within its approved State Plan for the COVID-19 ? Pandemic EBT Food Benefits program [ALN 10.542] (P-EBT) to report its P-EBT federal expenditures to the U.S. Department of Agriculture (USDA) via the Report of Disaster Food Stamp Benefit Issuance (FNS-292-B). The Department is also required to support the financial expenditures reported on the FNS-292-B report with source data and files, which includes a P-EBT Summary report that is exported from the Colorado Benefits Management System (CBMS) and includes the number of eligible children, number of eligible households, and total amount paid in P-EBT benefits. The P-EBT summary report is then reconciled by the Department to the County Financial Management System (CFMS), where the counties? issuance of P-EBT program benefits is accumulated and reported. For Fiscal Year 2021, the Department administered more than 70 federal programs and expended approximately $2.4 billion in federal funds. The P-EBT program and Child Care and Development Block Grant (Grant) [ALN 93.575] were two of these federal programs administered by the Department during Fiscal Year 2021. The Department reported more than $292 million in federal expenditures for the P-EBT program and approximately $74 million in federal expenditures for the Grant in Fiscal Year 2021. What was the purpose of our audit work and what work was performed? The purpose of our audit work was to evaluate the Department?s internal controls over the preparation of its Exhibit K1 during Fiscal Year 2021 and to determine whether the Department correctly reported its Fiscal Year 2021 federal grant expenditures to the OSC on its Exhibit K1. The purpose of our audit work was also to evaluate the Department?s internal controls over the financial reporting to the USDA regarding the P-EBT program. As part of our audit testwork, we compared amounts reported by the Department for direct and subrecipient federal expenditures on its Fiscal Year 2021 Exhibit K1 to the underlying financial records in CORE for the Grant and P-EBT federal programs and inquired about any differences. In addition, we made inquiries of Department staff regarding its internal control processes over the Exhibit K1 preparation, including supervisory reviews. We also reviewed 4 out of 12 Fiscal Year 2021 monthly submissions to the USDA for the FNS-292-B reports and compared federal expenditure amounts reported by the Department to the underlying financial records in CORE. How were the results of the audit work measured? The OSC is required to present the State?s SEFA in accordance with the federal requirements of the Uniform Guidance to show the State?s expenditures of federal awards during the fiscal year. Federal regulations [2 CFR 200.38(b)] define a federal award as, ?The instrument setting forth the terms and conditions. The instrument is the grant agreement, cooperative agreement, other agreement for assistance?? Federal regulations [2 CFR 200.510(b)(3) and (4)] require that the SEFA must show both total federal awards expended for each individual federal program, the Assistance Listing Number, and the total amount passed through to subrecipients for each federal program. In order to prepare the SEFA, the OSC requires state departments to submit an Exhibit K1 to report expenditures, receipts, and receivables for each federal grant program administered by the Department during the fiscal year. The OSC?s exhibit instructions include guidelines for completing the Exhibit K1, including defining ?direct and indirect expenditures? as ?all monetary and non-monetary direct and indirect Federal award expenditures,? and ?pass-through expenditures? as ?the amount of all monetary and non-monetary Federal award amounts passed through to a subrecipient.? For the Department?s Grant federal program, subrecipients consist of counties, school districts, and health centers. State Fiscal Rule 1-2, Internal Controls, requires that state departments ?implement internal accounting and administrative controls that reasonably ensure that financial transactions are accurate, reliable, conform to state fiscal rules, and reflect the underlying realities of the accounting transaction (substance rather than form).? Federal regulations [7 CFR 274.4] require the Department to submit an FNS-292-B report in the format prescribed by the USDA with information detailing the P-EBT federal benefit payments. The Department is required to support the information in the report with its underlying records. The FNS-292-B report is identified as a required report within the Department?s State Plan that is approved by the USDA. What problems did the audit work identify? The Department overstated $63.5 million in P-EBT expenditures on its June 2021 FNS-292-B report to USDA that was submitted on August 30, 2021, as well as on the Department?s Exhibit K1 for Fiscal Year 2021. The Department subsequently identified that the FNS-292-B report was misstated and updated and resubmitted the report on September 28, 2021, approximately one month later. The Department, however, did not update its Exhibit K1 for Fiscal Year 2021 to correct the error, because the program staff did not notify the accounting team of the misstatement and need for Exhibit K1 correction. Based on our audit testwork, we also determined that the Department misreported $8.7 million in the Grant?s expenditures as subrecipient, rather than direct, expenditures on its Exhibit K1. Why did these problems occur? The P-EBT program staff did not notify the Department?s accounting team, who prepares the Exhibit K1, of a revision to the FNS-292-B report. The P-EBT program staff prepared the reconciliation of the CBMS summary report to the CFMS P-EBT benefits issued report and identified a variance. The variance was eventually resolved and the P-EBT program staff resubmitted the FNS-292-B report to the USDA; however P-EBT program staff did not communicate this error to the Department?s accounting team. As a result, the accounting team was unaware of the revision and, therefore, did not update the Exhibit K1 to reflect the reduction in federal expenditures. Overall, the Department did not have adequate internal controls, such as an appropriate supervisory review process or adequate communication plan, in place for Fiscal Year 2021 to ensure that the FNS-292-B report was prepared accurately, that the Exhibit K1 was completed in accordance with the instructions provided by the OSC, and that the FNS-292-B and Exhibit K1 were reviewed for accuracy and compared to the underlying data. For the Grant program error, Department staff indicated that these funds were incorrectly identified and coded as subrecipient expenditures in CORE, which caused them to be incorrectly reported as such on the Exhibit K1. When the expenditures were initially posted in CORE, they were not adequately reviewed to determine if they were subrecipient or direct expenditures. Why do these problems matter? By failing to properly report grant expenditures to the federal government and the OSC, who ultimately then fails to properly report expenditures to the federal government on the State?s SEFA, the Department is out of compliance with federal and state reporting requirements and risks federal sanctions. In addition, because the error resulted in the Department misstating its federal expenditure results for the fiscal year, federal staff and taxpayers have an incorrect or unreliable picture of the P-EBT grant?s overall status. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2021-060 The Department of Human Services (Department) should strengthen its internal controls over the preparation of federal reports and the Exhibit K1, Schedule of Federal Assistance, by: A. Strengthening its internal controls over its monthly Pandemic Electronic Benefit Transfer Food Benefits (P-EBT) reporting to ensure its reporting is accurate and goes through supervisory review. B. Improving communication between program and accounting staff to ensure the Exhibit K1 is accurately updated when errors in federal reporting are identified and resolved. C. Improving the supervisory review process over the Exhibit K1 and the federal expenditures entered in the Colorado Operations Resource Engine (CORE), the state?s accounting system, to ensure expenditures are coded correctly as direct or subrecipient expenditures and that, ultimately, the Exhibit K1 is accurate and complete. Response Department of Human Services A. Agree Implementation Date: July 2022 CDHS agrees to enhance internal controls over monthly P-EBT reporting to better ensure accuracy. P-EBT is a new program derived from pandemic funding. Being a new program with a lack of federal guidance at implementation, and urgency to get the funds disbursed program staff had to learn about the nuances of the program and the reporting requirements as it was being implemented. During implementation we recognized that there are some inherent differences with P-EBT from other benefit programs which caused processes to have to be adjusted slightly. Additionally, timing of federal report filing for the P-EBT program is not in synch with our other processes and associated federal reporting requirements and deadlines. This makes it impossible to ensure reconciliation procedures are performed before filing occurs, which is one of our typical internal controls. As a compensating internal control CDHS will ensure that supervisory review processes are performed over P-EBT reporting, and that P-EBT reporting is reconciled to other sources (CBMS and CFMS) as soon as possible after reporting is available. If changes are discovered CDHS will make adjustments to filed P-EBT reports as needed based on reconciliation findings, and communicate changes to necessary parties. B. Agree Implementation Date: July 2022 CDHS will work to ensure better coordination between program activities and the accounting section relating to federal reporting changes. Accounting will iterate the importance of timely informing the accounting staff when changes are made to program filed federal reports. This message will be delivered in periodic fiscal meetings and identified on the closing calendar. The P-EBT program will ensure that corrections are communicated to accounting on any updates completed on the FNS-292-B report upon discovery, and no later than 30 days after the reporting period. C. Agree Implementation Date: July 2022 CDHS will ensure that review and approval processes are occurring as designed at various points in the process leading up to entry into CORE. As part of the Requisition (RQS) approval process program and accounting staff independently approve that the correct direct or subrecipient object code is used. These approved RQS transactions are then transitioned into encumbrance documents that drive which object code future expenditures will be booked to. For CCDF transactions related to this finding, both the OEC and Accounting teams inadvertently approved an incorrect object code in 4 RQS's. Staffing shortages coupled with a large increase in workload related to pandemic funding contributed to this oversight. To correct OEC and Accounting will train new staff, periodically familiarize themselves with the appropriate object codes, and perform quality assurance review over object codes before applying approval in CORE. The K1 is compiled from balances derived from expenditure data recorded in CORE. The compilation of the K1 relies on the fact that expenditure balances are accurate, and that prior reviews and approvals of individual transactions have occurred as designed. The K1 currently goes through various levels of review focusing on balance level validation coupled with analytical procedures. To enhance the review process, CDHS will ensure analytical procedures include line level expenditure comparison at the direct and subrecipient levels.
The following findings and recommendations relating to internal control deficiencies classified as Material Weaknesses were communicated to the Department in the previous year and have not been remediated as of June 30, 2022 because the original implementation dates provided by the Department were in a subsequent fiscal year. These complete findings and recommendations can be found within the original report and the complete recommendations can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Finding 2021-059 Federal Funding Accountability and Transparency Act The Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) was created to empower Americans with the ability to hold the government accountable for each spending decision and, as a result, to reduce wasteful spending by the government. The Transparency Act requires the federal government to make certain information on federal awards available to the public. The Department is required to report information about subgrants, or subawards, given to other governments or to nonprofit organizations, also referred to as subrecipients. Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the Department, to an entity to carry out part of a Federal grant award received by the pass-through entity. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? The Department is required to file FFATA reports through the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Once the Department submits a report to FSRS, the public can view certain information from the report, including the subrecipient?s name, subaward identification number, subaward obligation/action date, subaward amount, federal awarding agency and subagency, the Department?s name, and the Department?s grant award identification number. The Department?s required FFATA reports for Fiscal Year 2021 included information on the Low-Income Home Energy Assistance (LIHEAP), COVID-19 ? Low-Income Home Energy Assistance [ALN 93.568]; the Child Care and Development Fund (CCDF) Cluster, consisting of the Child Care and Development Block Grant [ALN 93.575], and Child Care Mandatory and Matching Funds of the Child Care and Development Fund [ALN 93.596]; and the Block Grant for Prevention and Treatment of Substance Abuse (Substance Abuse), COVID-19 ? Block Grant for Prevention and Treatment of Substance Abuse [ALN 93.959]. FFATA reporting was required for the Department because the Department passed through funds to one or more subrecipients for each of the three programs in excess of $30,000, as follows: LIHEAP funds to one subrecipient, CCDF funds to nine subrecipients, and Substance Abuse funds to seven subrecipients for Fiscal Year 2021. What was the purpose of our audit work and what work was performed? The purpose of our audit work was to evaluate the Department?s internal controls over the FFATA reporting and to determine whether the Department correctly reported its subawards to the FSRS during Fiscal Year 2021. Based on our audit testwork, we reviewed the Department?s subawards and related federal expenditures in Fiscal Year 2021 to determine if there was FFATA reporting that was completed within the month following the month the subaward was made, as required. We compared amounts reported by the Department for subawards in FSRS to the underlying financial records reported in the Colorado Operations Resource Engine (CORE), the state?s accounting system, for the LIHEAP, CCDF, and Substance Abuse programs and inquired about any differences. In addition, we made inquiries of Department staff regarding its internal control processes over the FFATA reporting, including supervisory reviews. We reviewed the following number of subrecipient samples within each program for their internal control over compliance and compliance with FFATA reporting standards: LIHEAP had one sample, CCDF had five samples, and Substance Abuse had five samples. We reviewed the FFATA reports within FSRS for each subrecipient selected for testing to determine if the FFATA report was made in a timely manner in accordance with federal regulations and contained all of the required key data elements. How were the results of the audit work measured? In accordance with federal regulations [2 CFR 170], direct recipients of grants are required to report subawards of $30,000 or more to FSRS by the end of the month following the month in which the award was made. If the Department makes additional subawards greater than or equal to $30,000 under that same subaward at a later date or makes a supplemental award that increases an existing award to greater than or equal to $30,000, it must file additional FFATA reports to reflect the new or amended subaward. If the subaward does not change, no additional reporting is required. The FFATA reports are required to include the following key data elements: subrecipient name, subrecipient DUNS number, amount of subaward, subaward obligation/action date, date of report submission, subaward number, subaward project description, and subrecipient names and compensation of highly compensated officers. The Department?s program staff are responsible for understanding FFATA reporting requirements related to their programs, and providing key data elements for subrecipients at the point that funds are obligated. When program staff determine that the Department is making a subaward that requires FFATA reporting, program staff are required to report these key data elements in eClearance, an approval workflow and document depository system utilized by the Department in their purchasing process. Guidance for the FFATA reporting is included within the Department?s FFATA Quick Reference Guide that is made available to the program staff. Program staff enter the subaward information into eClearance via an online form called a Requisition eForm (eForm), which goes through an approval process and is then routed to the Department?s Purchasing and Contracts unit to process the purchase request that translates into an obligation of an award for subrecipients. Once the eForm is completed processing in eClearance, it is archived in the system and an automated query is run by the Department?s Business Technology Unit to export this data and it is automatically emailed to the Compliance Accounting team on a daily basis. Each day, the Department?s compliance accountant compiles the subaward data emailed to them that originated from eClearance into a daily report. At the end of the month, the compliance accountant combines the daily reports into a monthly summary and compares the monthly summary report to the daily reports to verify the summary report?s accuracy. The compliance accountant uses the information summarized within the monthly report to input the required FFATA information into FSRS, which ultimately is submitted as the required monthly FFATA report. What problems did the audit work identify? Based on our audit testwork, we determined that the Department did not report its subawards in FSRS for any of the three federal grant programs we tested for Fiscal Year 2021: the LIHEAP, CCDF, and Substance Abuse programs. In total, for the three programs, the Department failed to report subawards totaling $5.77 million (approximately $3.04 million for LIHEAP, approximately $861 thousand for CCDF, and approximately $1.87 million for Substance Abuse). The following tables summarize the results of our testing and groups each exception within the following categories: subaward not reported, report not timely, subaward amount incorrect, and subaward missing key elements. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Why did these problems occur? The Department does not have adequate internal controls over the FFATA reporting. Specifically, the Department has not validated the automated process to compile the data needed for the FFATA reports. In addition, the Department has not implemented a supervisory review process of the final FFATA report data that is used to submit the FFATA report via FSRS. We determined that automated reports generated did not include the full population of data needed to compile the FFATA reports. Based on test work, we found that program staff entered key data elements needed for FFATA reporting correctly into the eForm during the purchasing process, and that accounting staff used the data provided in the reports received to complete the FFATA reporting in FSRS. However, the data exported from eClearance and sent to accounting to compile the FFATA reports did not contain all of the population needed for reporting. Thus, accounting was using data that was not complete in the FFATA reporting to FSRS, but was unaware that the data was not complete. Further, when there was incomplete information in the data received, the compliance accountant failed to follow up with the various program staff to obtain the necessary information and input it into and submit it through FSRS. Why do these problems matter? By failing to properly report subawards to FSRS, the Department is out of compliance with federal reporting requirements and risks federal sanctions. In addition, information submitted via the FSRS is made publicly available at https://www.usaspending.gov/search; excluding the information could be misleading to the public and fails to meet the federal intent of transparency for federal program spending. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2021-059 The Department of Human Service (Department) should strengthen its internal controls over the Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) reporting by: A. Correcting the automated reporting process from eClearance to ensure that data compiled for Transparency Act reporting contains all relevant data. B. Developing and implementing procedures to validate that data derived from eClearance reports and ultimately used to compile Transparency Act reporting is complete and accurate by reviewing the population from an alternate source, such as the Colorado Operations Resource Engine. C. Improving the Department?s supervisory review process to provide for a complete and thorough review of the final FFATA report data that the Department will report within the Federal Funding Accountability and Transparency Act Subaward Reporting System. This process should include taking steps to ensure the compliance accountant follows up with the program staff if the necessary information is not input into eClearance, so that it can be obtained and reported accurately and timely. Response Department of Human Services A. Agree Implementation Date: July 2022 CDHS agrees that it needs to it needs to correct the automated reporting process from the eClearance system used to gather data needed for our FFATA reporting. The department thought that the reports obtained from eClearance were complete and relied on them as the basis of our reporting. Upon investigation we found that an internal process change enacted during the implementation of another system at the start of the pandemic was the cause of the data discrepancy. This occurred because the new system made the routing in eClearance after a certain point unnecessary for internal processing so this stopped. It was unkown that this further routing to archive files in eClearance was the trigger for eClearance to push out FFATA report data. Since the department has been able to identify the cause we are able to immediately remedy the problem and ensure that all processes are in sync to ensure accurate and complete FFATA data is contained in automated reporting processes. The department will catch up on FFATA reporting that was missed during this time frame. B. Agree Implementation Date: July 2022 The department agrees that it needs to implement procedures to validate that data derived from automated processes used as a basis for FFATA reporting should be periodically validated against another data source. To do this the department will create and implement procedures to use CORE reports of encumbrance data referencing subrecipient object codes and tie this to information received from the automated eClearance report. Doing this will validate that the data provided from eClearance is a complete listing of all FFATA reportable subrecipient awards, and thus is a valid source to base FFATA reporting on. This will also help us monitor the process in case any future inadvertent changes are made to processes that could cause data validity issues. C. Agree Implementation Date: July 2022 CDHS agrees that a supervisory review is needed over the FFATA reporting process in order to ensure more consistency, accuracy and timeliness in reporting processes and standards. The department is currently developing procedures that will allow for more oversight of the FFATA reporting through supervisory reviews and cross training staff on FFATA reporting duties. Supervisory reviews will help ensure that reporting is completed in line with reporting procedures and timeframes and can be a second set of eyes to ensure that information appears accurate and adds analytical judgement value (example - a supervisor might see that July typically has high volume, but this July volume is low, why). In addition, the department is taking this opportunity to cross train other staff on the process so that more individuals can be involved which leads to more transparency over processes allowing various individuals to notice if something isn't working as designed. These new procedures are being developed and implemented as the department catches up on reporting subrecipient awards that were missed since the automated process stopped working.
The following findings and recommendations relating to internal control deficiencies classified as Material Weaknesses were communicated to the Department in the previous year and have not been remediated as of June 30, 2022 because the original implementation dates provided by the Department were in a subsequent fiscal year. These complete findings and recommendations can be found within the original report and the complete recommendations can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Finding 2021-059 Federal Funding Accountability and Transparency Act The Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) was created to empower Americans with the ability to hold the government accountable for each spending decision and, as a result, to reduce wasteful spending by the government. The Transparency Act requires the federal government to make certain information on federal awards available to the public. The Department is required to report information about subgrants, or subawards, given to other governments or to nonprofit organizations, also referred to as subrecipients. Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the Department, to an entity to carry out part of a Federal grant award received by the pass-through entity. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? The Department is required to file FFATA reports through the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Once the Department submits a report to FSRS, the public can view certain information from the report, including the subrecipient?s name, subaward identification number, subaward obligation/action date, subaward amount, federal awarding agency and subagency, the Department?s name, and the Department?s grant award identification number. The Department?s required FFATA reports for Fiscal Year 2021 included information on the Low-Income Home Energy Assistance (LIHEAP), COVID-19 ? Low-Income Home Energy Assistance [ALN 93.568]; the Child Care and Development Fund (CCDF) Cluster, consisting of the Child Care and Development Block Grant [ALN 93.575], and Child Care Mandatory and Matching Funds of the Child Care and Development Fund [ALN 93.596]; and the Block Grant for Prevention and Treatment of Substance Abuse (Substance Abuse), COVID-19 ? Block Grant for Prevention and Treatment of Substance Abuse [ALN 93.959]. FFATA reporting was required for the Department because the Department passed through funds to one or more subrecipients for each of the three programs in excess of $30,000, as follows: LIHEAP funds to one subrecipient, CCDF funds to nine subrecipients, and Substance Abuse funds to seven subrecipients for Fiscal Year 2021. What was the purpose of our audit work and what work was performed? The purpose of our audit work was to evaluate the Department?s internal controls over the FFATA reporting and to determine whether the Department correctly reported its subawards to the FSRS during Fiscal Year 2021. Based on our audit testwork, we reviewed the Department?s subawards and related federal expenditures in Fiscal Year 2021 to determine if there was FFATA reporting that was completed within the month following the month the subaward was made, as required. We compared amounts reported by the Department for subawards in FSRS to the underlying financial records reported in the Colorado Operations Resource Engine (CORE), the state?s accounting system, for the LIHEAP, CCDF, and Substance Abuse programs and inquired about any differences. In addition, we made inquiries of Department staff regarding its internal control processes over the FFATA reporting, including supervisory reviews. We reviewed the following number of subrecipient samples within each program for their internal control over compliance and compliance with FFATA reporting standards: LIHEAP had one sample, CCDF had five samples, and Substance Abuse had five samples. We reviewed the FFATA reports within FSRS for each subrecipient selected for testing to determine if the FFATA report was made in a timely manner in accordance with federal regulations and contained all of the required key data elements. How were the results of the audit work measured? In accordance with federal regulations [2 CFR 170], direct recipients of grants are required to report subawards of $30,000 or more to FSRS by the end of the month following the month in which the award was made. If the Department makes additional subawards greater than or equal to $30,000 under that same subaward at a later date or makes a supplemental award that increases an existing award to greater than or equal to $30,000, it must file additional FFATA reports to reflect the new or amended subaward. If the subaward does not change, no additional reporting is required. The FFATA reports are required to include the following key data elements: subrecipient name, subrecipient DUNS number, amount of subaward, subaward obligation/action date, date of report submission, subaward number, subaward project description, and subrecipient names and compensation of highly compensated officers. The Department?s program staff are responsible for understanding FFATA reporting requirements related to their programs, and providing key data elements for subrecipients at the point that funds are obligated. When program staff determine that the Department is making a subaward that requires FFATA reporting, program staff are required to report these key data elements in eClearance, an approval workflow and document depository system utilized by the Department in their purchasing process. Guidance for the FFATA reporting is included within the Department?s FFATA Quick Reference Guide that is made available to the program staff. Program staff enter the subaward information into eClearance via an online form called a Requisition eForm (eForm), which goes through an approval process and is then routed to the Department?s Purchasing and Contracts unit to process the purchase request that translates into an obligation of an award for subrecipients. Once the eForm is completed processing in eClearance, it is archived in the system and an automated query is run by the Department?s Business Technology Unit to export this data and it is automatically emailed to the Compliance Accounting team on a daily basis. Each day, the Department?s compliance accountant compiles the subaward data emailed to them that originated from eClearance into a daily report. At the end of the month, the compliance accountant combines the daily reports into a monthly summary and compares the monthly summary report to the daily reports to verify the summary report?s accuracy. The compliance accountant uses the information summarized within the monthly report to input the required FFATA information into FSRS, which ultimately is submitted as the required monthly FFATA report. What problems did the audit work identify? Based on our audit testwork, we determined that the Department did not report its subawards in FSRS for any of the three federal grant programs we tested for Fiscal Year 2021: the LIHEAP, CCDF, and Substance Abuse programs. In total, for the three programs, the Department failed to report subawards totaling $5.77 million (approximately $3.04 million for LIHEAP, approximately $861 thousand for CCDF, and approximately $1.87 million for Substance Abuse). The following tables summarize the results of our testing and groups each exception within the following categories: subaward not reported, report not timely, subaward amount incorrect, and subaward missing key elements. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Why did these problems occur? The Department does not have adequate internal controls over the FFATA reporting. Specifically, the Department has not validated the automated process to compile the data needed for the FFATA reports. In addition, the Department has not implemented a supervisory review process of the final FFATA report data that is used to submit the FFATA report via FSRS. We determined that automated reports generated did not include the full population of data needed to compile the FFATA reports. Based on test work, we found that program staff entered key data elements needed for FFATA reporting correctly into the eForm during the purchasing process, and that accounting staff used the data provided in the reports received to complete the FFATA reporting in FSRS. However, the data exported from eClearance and sent to accounting to compile the FFATA reports did not contain all of the population needed for reporting. Thus, accounting was using data that was not complete in the FFATA reporting to FSRS, but was unaware that the data was not complete. Further, when there was incomplete information in the data received, the compliance accountant failed to follow up with the various program staff to obtain the necessary information and input it into and submit it through FSRS. Why do these problems matter? By failing to properly report subawards to FSRS, the Department is out of compliance with federal reporting requirements and risks federal sanctions. In addition, information submitted via the FSRS is made publicly available at https://www.usaspending.gov/search; excluding the information could be misleading to the public and fails to meet the federal intent of transparency for federal program spending. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2021-059 The Department of Human Service (Department) should strengthen its internal controls over the Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) reporting by: A. Correcting the automated reporting process from eClearance to ensure that data compiled for Transparency Act reporting contains all relevant data. B. Developing and implementing procedures to validate that data derived from eClearance reports and ultimately used to compile Transparency Act reporting is complete and accurate by reviewing the population from an alternate source, such as the Colorado Operations Resource Engine. C. Improving the Department?s supervisory review process to provide for a complete and thorough review of the final FFATA report data that the Department will report within the Federal Funding Accountability and Transparency Act Subaward Reporting System. This process should include taking steps to ensure the compliance accountant follows up with the program staff if the necessary information is not input into eClearance, so that it can be obtained and reported accurately and timely. Response Department of Human Services A. Agree Implementation Date: July 2022 CDHS agrees that it needs to it needs to correct the automated reporting process from the eClearance system used to gather data needed for our FFATA reporting. The department thought that the reports obtained from eClearance were complete and relied on them as the basis of our reporting. Upon investigation we found that an internal process change enacted during the implementation of another system at the start of the pandemic was the cause of the data discrepancy. This occurred because the new system made the routing in eClearance after a certain point unnecessary for internal processing so this stopped. It was unkown that this further routing to archive files in eClearance was the trigger for eClearance to push out FFATA report data. Since the department has been able to identify the cause we are able to immediately remedy the problem and ensure that all processes are in sync to ensure accurate and complete FFATA data is contained in automated reporting processes. The department will catch up on FFATA reporting that was missed during this time frame. B. Agree Implementation Date: July 2022 The department agrees that it needs to implement procedures to validate that data derived from automated processes used as a basis for FFATA reporting should be periodically validated against another data source. To do this the department will create and implement procedures to use CORE reports of encumbrance data referencing subrecipient object codes and tie this to information received from the automated eClearance report. Doing this will validate that the data provided from eClearance is a complete listing of all FFATA reportable subrecipient awards, and thus is a valid source to base FFATA reporting on. This will also help us monitor the process in case any future inadvertent changes are made to processes that could cause data validity issues. C. Agree Implementation Date: July 2022 CDHS agrees that a supervisory review is needed over the FFATA reporting process in order to ensure more consistency, accuracy and timeliness in reporting processes and standards. The department is currently developing procedures that will allow for more oversight of the FFATA reporting through supervisory reviews and cross training staff on FFATA reporting duties. Supervisory reviews will help ensure that reporting is completed in line with reporting procedures and timeframes and can be a second set of eyes to ensure that information appears accurate and adds analytical judgement value (example - a supervisor might see that July typically has high volume, but this July volume is low, why). In addition, the department is taking this opportunity to cross train other staff on the process so that more individuals can be involved which leads to more transparency over processes allowing various individuals to notice if something isn't working as designed. These new procedures are being developed and implemented as the department catches up on reporting subrecipient awards that were missed since the automated process stopped working.
The following findings and recommendations relating to internal control deficiencies classified as Material Weaknesses were communicated to the Department in the previous year and have not been remediated as of June 30, 2022 because the original implementation dates provided by the Department were in a subsequent fiscal year. These complete findings and recommendations can be found within the original report and the complete recommendations can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Finding 2021-059 Federal Funding Accountability and Transparency Act The Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) was created to empower Americans with the ability to hold the government accountable for each spending decision and, as a result, to reduce wasteful spending by the government. The Transparency Act requires the federal government to make certain information on federal awards available to the public. The Department is required to report information about subgrants, or subawards, given to other governments or to nonprofit organizations, also referred to as subrecipients. Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the Department, to an entity to carry out part of a Federal grant award received by the pass-through entity. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? The Department is required to file FFATA reports through the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Once the Department submits a report to FSRS, the public can view certain information from the report, including the subrecipient?s name, subaward identification number, subaward obligation/action date, subaward amount, federal awarding agency and subagency, the Department?s name, and the Department?s grant award identification number. The Department?s required FFATA reports for Fiscal Year 2021 included information on the Low-Income Home Energy Assistance (LIHEAP), COVID-19 ? Low-Income Home Energy Assistance [ALN 93.568]; the Child Care and Development Fund (CCDF) Cluster, consisting of the Child Care and Development Block Grant [ALN 93.575], and Child Care Mandatory and Matching Funds of the Child Care and Development Fund [ALN 93.596]; and the Block Grant for Prevention and Treatment of Substance Abuse (Substance Abuse), COVID-19 ? Block Grant for Prevention and Treatment of Substance Abuse [ALN 93.959]. FFATA reporting was required for the Department because the Department passed through funds to one or more subrecipients for each of the three programs in excess of $30,000, as follows: LIHEAP funds to one subrecipient, CCDF funds to nine subrecipients, and Substance Abuse funds to seven subrecipients for Fiscal Year 2021. What was the purpose of our audit work and what work was performed? The purpose of our audit work was to evaluate the Department?s internal controls over the FFATA reporting and to determine whether the Department correctly reported its subawards to the FSRS during Fiscal Year 2021. Based on our audit testwork, we reviewed the Department?s subawards and related federal expenditures in Fiscal Year 2021 to determine if there was FFATA reporting that was completed within the month following the month the subaward was made, as required. We compared amounts reported by the Department for subawards in FSRS to the underlying financial records reported in the Colorado Operations Resource Engine (CORE), the state?s accounting system, for the LIHEAP, CCDF, and Substance Abuse programs and inquired about any differences. In addition, we made inquiries of Department staff regarding its internal control processes over the FFATA reporting, including supervisory reviews. We reviewed the following number of subrecipient samples within each program for their internal control over compliance and compliance with FFATA reporting standards: LIHEAP had one sample, CCDF had five samples, and Substance Abuse had five samples. We reviewed the FFATA reports within FSRS for each subrecipient selected for testing to determine if the FFATA report was made in a timely manner in accordance with federal regulations and contained all of the required key data elements. How were the results of the audit work measured? In accordance with federal regulations [2 CFR 170], direct recipients of grants are required to report subawards of $30,000 or more to FSRS by the end of the month following the month in which the award was made. If the Department makes additional subawards greater than or equal to $30,000 under that same subaward at a later date or makes a supplemental award that increases an existing award to greater than or equal to $30,000, it must file additional FFATA reports to reflect the new or amended subaward. If the subaward does not change, no additional reporting is required. The FFATA reports are required to include the following key data elements: subrecipient name, subrecipient DUNS number, amount of subaward, subaward obligation/action date, date of report submission, subaward number, subaward project description, and subrecipient names and compensation of highly compensated officers. The Department?s program staff are responsible for understanding FFATA reporting requirements related to their programs, and providing key data elements for subrecipients at the point that funds are obligated. When program staff determine that the Department is making a subaward that requires FFATA reporting, program staff are required to report these key data elements in eClearance, an approval workflow and document depository system utilized by the Department in their purchasing process. Guidance for the FFATA reporting is included within the Department?s FFATA Quick Reference Guide that is made available to the program staff. Program staff enter the subaward information into eClearance via an online form called a Requisition eForm (eForm), which goes through an approval process and is then routed to the Department?s Purchasing and Contracts unit to process the purchase request that translates into an obligation of an award for subrecipients. Once the eForm is completed processing in eClearance, it is archived in the system and an automated query is run by the Department?s Business Technology Unit to export this data and it is automatically emailed to the Compliance Accounting team on a daily basis. Each day, the Department?s compliance accountant compiles the subaward data emailed to them that originated from eClearance into a daily report. At the end of the month, the compliance accountant combines the daily reports into a monthly summary and compares the monthly summary report to the daily reports to verify the summary report?s accuracy. The compliance accountant uses the information summarized within the monthly report to input the required FFATA information into FSRS, which ultimately is submitted as the required monthly FFATA report. What problems did the audit work identify? Based on our audit testwork, we determined that the Department did not report its subawards in FSRS for any of the three federal grant programs we tested for Fiscal Year 2021: the LIHEAP, CCDF, and Substance Abuse programs. In total, for the three programs, the Department failed to report subawards totaling $5.77 million (approximately $3.04 million for LIHEAP, approximately $861 thousand for CCDF, and approximately $1.87 million for Substance Abuse). The following tables summarize the results of our testing and groups each exception within the following categories: subaward not reported, report not timely, subaward amount incorrect, and subaward missing key elements. See Schedule of Findings and Questioned Costs for chart/table See Schedule of Findings and Questioned Costs for footnote Why did these problems occur? The Department does not have adequate internal controls over the FFATA reporting. Specifically, the Department has not validated the automated process to compile the data needed for the FFATA reports. In addition, the Department has not implemented a supervisory review process of the final FFATA report data that is used to submit the FFATA report via FSRS. We determined that automated reports generated did not include the full population of data needed to compile the FFATA reports. Based on test work, we found that program staff entered key data elements needed for FFATA reporting correctly into the eForm during the purchasing process, and that accounting staff used the data provided in the reports received to complete the FFATA reporting in FSRS. However, the data exported from eClearance and sent to accounting to compile the FFATA reports did not contain all of the population needed for reporting. Thus, accounting was using data that was not complete in the FFATA reporting to FSRS, but was unaware that the data was not complete. Further, when there was incomplete information in the data received, the compliance accountant failed to follow up with the various program staff to obtain the necessary information and input it into and submit it through FSRS. Why do these problems matter? By failing to properly report subawards to FSRS, the Department is out of compliance with federal reporting requirements and risks federal sanctions. In addition, information submitted via the FSRS is made publicly available at https://www.usaspending.gov/search; excluding the information could be misleading to the public and fails to meet the federal intent of transparency for federal program spending. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2021-059 The Department of Human Service (Department) should strengthen its internal controls over the Federal Funding Accountability and Transparency Act (Transparency Act or FFATA) reporting by: A. Correcting the automated reporting process from eClearance to ensure that data compiled for Transparency Act reporting contains all relevant data. B. Developing and implementing procedures to validate that data derived from eClearance reports and ultimately used to compile Transparency Act reporting is complete and accurate by reviewing the population from an alternate source, such as the Colorado Operations Resource Engine. C. Improving the Department?s supervisory review process to provide for a complete and thorough review of the final FFATA report data that the Department will report within the Federal Funding Accountability and Transparency Act Subaward Reporting System. This process should include taking steps to ensure the compliance accountant follows up with the program staff if the necessary information is not input into eClearance, so that it can be obtained and reported accurately and timely. Response Department of Human Services A. Agree Implementation Date: July 2022 CDHS agrees that it needs to it needs to correct the automated reporting process from the eClearance system used to gather data needed for our FFATA reporting. The department thought that the reports obtained from eClearance were complete and relied on them as the basis of our reporting. Upon investigation we found that an internal process change enacted during the implementation of another system at the start of the pandemic was the cause of the data discrepancy. This occurred because the new system made the routing in eClearance after a certain point unnecessary for internal processing so this stopped. It was unkown that this further routing to archive files in eClearance was the trigger for eClearance to push out FFATA report data. Since the department has been able to identify the cause we are able to immediately remedy the problem and ensure that all processes are in sync to ensure accurate and complete FFATA data is contained in automated reporting processes. The department will catch up on FFATA reporting that was missed during this time frame. B. Agree Implementation Date: July 2022 The department agrees that it needs to implement procedures to validate that data derived from automated processes used as a basis for FFATA reporting should be periodically validated against another data source. To do this the department will create and implement procedures to use CORE reports of encumbrance data referencing subrecipient object codes and tie this to information received from the automated eClearance report. Doing this will validate that the data provided from eClearance is a complete listing of all FFATA reportable subrecipient awards, and thus is a valid source to base FFATA reporting on. This will also help us monitor the process in case any future inadvertent changes are made to processes that could cause data validity issues. C. Agree Implementation Date: July 2022 CDHS agrees that a supervisory review is needed over the FFATA reporting process in order to ensure more consistency, accuracy and timeliness in reporting processes and standards. The department is currently developing procedures that will allow for more oversight of the FFATA reporting through supervisory reviews and cross training staff on FFATA reporting duties. Supervisory reviews will help ensure that reporting is completed in line with reporting procedures and timeframes and can be a second set of eyes to ensure that information appears accurate and adds analytical judgement value (example - a supervisor might see that July typically has high volume, but this July volume is low, why). In addition, the department is taking this opportunity to cross train other staff on the process so that more individuals can be involved which leads to more transparency over processes allowing various individuals to notice if something isn't working as designed. These new procedures are being developed and implemented as the department catches up on reporting subrecipient awards that were missed since the automated process stopped working.