Finding 2023-003 Inadequate Tracking of Federal Expenses (Allowable Costs) Federal Programs: All Criteria: In accordance with CFR 200.302 organizations receiving Federal awards must maintain accurate records that adequately identify the source and application of Federal funds. This includes tracking Federal expenditures separately and distinctly within their accounting system. Additionally, in accordance with CFR 200.303, the non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Organization's use of class codes in QuickBooks to track Federal expenses was found to be inadequate. Although the Organization uses QuickBooks to record financial transactions, there is no systematic method in place to ensure that Federal expenditures are properly classified and tracked using distinct class codes. Cause: The deficiency in tracking Federal expenses within QuickBooks using class codes appears to stem from a lack of understanding or awareness of the requirements outlined in Uniform Guidance. Additionally, there may be insufficient training provided to staff responsible for financial management and accounting practices. Effect or Potential Effect: Without proper tracking of Federal expenses using class codes, the Organization risks commingling Federal funds with other sources of revenue, which could lead to inaccurate reporting and potential non-compliance with Uniform Guidance requirements. This deficiency increases the likelihood of errors in financial reporting and raises concerns about the Organization's ability to demonstrate proper stewardship of Federal funds. Questioned Costs: Indeterminable. Context: The Organization does not currently use its financial management system to leverage the tracking of Federal funds between programs; the tracking is currently manual, based on Excel spreadsheets, and difficult to track/audit. Recommendation: It is recommended that the Organization establish and implement procedures to effectively track Federal expenses within QuickBooks using distinct class codes in accordance with 2 CFR 200.302. This may involve providing training to staff on the proper use of class codes and ensuring that all Federal expenditures are consistently and accurately classified in the accounting system.
Finding 2023-003 Inadequate Tracking of Federal Expenses (Allowable Costs) Federal Programs: All Criteria: In accordance with CFR 200.302 organizations receiving Federal awards must maintain accurate records that adequately identify the source and application of Federal funds. This includes tracking Federal expenditures separately and distinctly within their accounting system. Additionally, in accordance with CFR 200.303, the non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Organization's use of class codes in QuickBooks to track Federal expenses was found to be inadequate. Although the Organization uses QuickBooks to record financial transactions, there is no systematic method in place to ensure that Federal expenditures are properly classified and tracked using distinct class codes. Cause: The deficiency in tracking Federal expenses within QuickBooks using class codes appears to stem from a lack of understanding or awareness of the requirements outlined in Uniform Guidance. Additionally, there may be insufficient training provided to staff responsible for financial management and accounting practices. Effect or Potential Effect: Without proper tracking of Federal expenses using class codes, the Organization risks commingling Federal funds with other sources of revenue, which could lead to inaccurate reporting and potential non-compliance with Uniform Guidance requirements. This deficiency increases the likelihood of errors in financial reporting and raises concerns about the Organization's ability to demonstrate proper stewardship of Federal funds. Questioned Costs: Indeterminable. Context: The Organization does not currently use its financial management system to leverage the tracking of Federal funds between programs; the tracking is currently manual, based on Excel spreadsheets, and difficult to track/audit. Recommendation: It is recommended that the Organization establish and implement procedures to effectively track Federal expenses within QuickBooks using distinct class codes in accordance with 2 CFR 200.302. This may involve providing training to staff on the proper use of class codes and ensuring that all Federal expenditures are consistently and accurately classified in the accounting system.
Federal Programs: U.S. Department of Health and Human Services, Consolidated Health Centers Cluster: Community Health Centers (Assistance Listing #93.224); American Rescue Plan Act Funding for Health Centers (Assistance Listing #93.224); Primary Care HIV Prevention (Assistance Listing #93.527). Finding Type: Significant Deficiency Criteria: The 2 CFR section 200.302 requires that non-federal entities receiving federal awards present accurate, current, and complete disclosure of the financial results of each Federal award or program. The entity is required to maintain records, supported by source documentation, that identify adequately the source of funds for federally funded programs. Condition and Context: For 3 of the Center’s 50 expense reimbursement request draw-downs for the year ended September 30, 2023, the reimbursement request included more expenses than the amount of respective expenses incurred. Cause: During the year, the Center experienced turnover within the finance department and expense reimbursement requests were inadvertently completed incorrectly using previous or unrelated payroll information reports. Effect: As a result of the incorrect expense reimbursements, the Center received reimbursement payments in excess of related expenses incurred totaling $30,337 for the year ended September 30, 2023. Questioned Costs: $30, 337 Recommendation: The Center should implement a more robust process and related internal controls surrounding the expense reimbursement requests to ensure the submitted requests agree to the respective costs incurred and supported. Views of Responsible Officials: Due to extenuating circumstances, including turnover in the finance department, the reimbursement requests were not properly reviewed and agreed to supporting documentation. However, although the expense reimbursement requests exceeded the respective incurred expenses in the identified requests above, the Center consistently incurs allowable expenses that qualify to be reimbursed in excess of total grant payments received and is working to remediate the issue.
Federal Programs: U.S. Department of Health and Human Services, Consolidated Health Centers Cluster: Community Health Centers (Assistance Listing #93.224); American Rescue Plan Act Funding for Health Centers (Assistance Listing #93.224); Primary Care HIV Prevention (Assistance Listing #93.527). Finding Type: Significant Deficiency Criteria: The 2 CFR section 200.302 requires that non-federal entities receiving federal awards present accurate, current, and complete disclosure of the financial results of each Federal award or program. The entity is required to maintain records, supported by source documentation, that identify adequately the source of funds for federally funded programs. Condition and Context: For 3 of the Center’s 50 expense reimbursement request draw-downs for the year ended September 30, 2023, the reimbursement request included more expenses than the amount of respective expenses incurred. Cause: During the year, the Center experienced turnover within the finance department and expense reimbursement requests were inadvertently completed incorrectly using previous or unrelated payroll information reports. Effect: As a result of the incorrect expense reimbursements, the Center received reimbursement payments in excess of related expenses incurred totaling $30,337 for the year ended September 30, 2023. Questioned Costs: $30, 337 Recommendation: The Center should implement a more robust process and related internal controls surrounding the expense reimbursement requests to ensure the submitted requests agree to the respective costs incurred and supported. Views of Responsible Officials: Due to extenuating circumstances, including turnover in the finance department, the reimbursement requests were not properly reviewed and agreed to supporting documentation. However, although the expense reimbursement requests exceeded the respective incurred expenses in the identified requests above, the Center consistently incurs allowable expenses that qualify to be reimbursed in excess of total grant payments received and is working to remediate the issue.
Federal Programs: U.S. Department of Health and Human Services, Consolidated Health Centers Cluster: Community Health Centers (Assistance Listing #93.224); American Rescue Plan Act Funding for Health Centers (Assistance Listing #93.224); Primary Care HIV Prevention (Assistance Listing #93.527). Finding Type: Significant Deficiency Criteria: The 2 CFR section 200.302 requires that non-federal entities receiving federal awards present accurate, current, and complete disclosure of the financial results of each Federal award or program. The entity is required to maintain records, supported by source documentation, that identify adequately the source of funds for federally funded programs. Condition and Context: For 3 of the Center’s 50 expense reimbursement request draw-downs for the year ended September 30, 2023, the reimbursement request included more expenses than the amount of respective expenses incurred. Cause: During the year, the Center experienced turnover within the finance department and expense reimbursement requests were inadvertently completed incorrectly using previous or unrelated payroll information reports. Effect: As a result of the incorrect expense reimbursements, the Center received reimbursement payments in excess of related expenses incurred totaling $30,337 for the year ended September 30, 2023. Questioned Costs: $30, 337 Recommendation: The Center should implement a more robust process and related internal controls surrounding the expense reimbursement requests to ensure the submitted requests agree to the respective costs incurred and supported. Views of Responsible Officials: Due to extenuating circumstances, including turnover in the finance department, the reimbursement requests were not properly reviewed and agreed to supporting documentation. However, although the expense reimbursement requests exceeded the respective incurred expenses in the identified requests above, the Center consistently incurs allowable expenses that qualify to be reimbursed in excess of total grant payments received and is working to remediate the issue.
2023-005 Internal Controls over Grant Management (Significant Deficiency and Noncompliance) Criteria: 2 CFR 200.302 establishes the requirements of a financial management system adequate to ensure compliance with federal regulations. This system must include written procedures to implement requirements for payment methods and determine the allowability of costs in accordance with subpart E. Statement of Condition: The City has written fiscal policies but they do not meet the financial management system requirements established in the regulations. Cause: The City has processes and procedures in place to administer grant funds but written policies do not contain compliance requirements. Effect: The City is not in compliance with financial management system requirements. Recommendation: The City should develop a grants manual or additional written policies to incorporate all the requirements of 2 CFR 200 and ensure compliance. Views of Management and Planned Corrective Action: See Corrective Action Plan included at the end of the report.
2023-005 Internal Controls over Grant Management (Significant Deficiency and Noncompliance) Criteria: 2 CFR 200.302 establishes the requirements of a financial management system adequate to ensure compliance with federal regulations. This system must include written procedures to implement requirements for payment methods and determine the allowability of costs in accordance with subpart E. Statement of Condition: The City has written fiscal policies but they do not meet the financial management system requirements established in the regulations. Cause: The City has processes and procedures in place to administer grant funds but written policies do not contain compliance requirements. Effect: The City is not in compliance with financial management system requirements. Recommendation: The City should develop a grants manual or additional written policies to incorporate all the requirements of 2 CFR 200 and ensure compliance. Views of Management and Planned Corrective Action: See Corrective Action Plan included at the end of the report.
2023-005: Written Policies and Procedures Assistance Listing Number, Federal Agency, and Program Name: Assistance Listing Number 93.696, Certified Community Behavioral Health Clinic Expansion Grant Federal Award Identification Number and Year: 1H79SM086680-01, Program Grant Period 09/29/2022-09/29/2023 Pass-through Entity: N/A Type: Material weakness in internal control and noncompliance with laws and regulations Repeat Finding: No Criteria: As a precondition to receive federal awards, prospective recipients must have effective internal controls over the federal award. As described in 2 CFR, Part 200.303, nonfederal entities must have certain written policies and procedures surrounding the management of their federal awards. Such policies should include procedures for collecting payments of federal funds per 2 CRF 200.305, cash management (i.e., minimizing the time between draws and actual disbursing of federal awards) per 2 CFR 200.302(b)(6), allowable cost per 2 CFR 200.403, and conflict of interest per 2 CFR 200.318. Per 2 CFR 200.319(d), the non-Federal entity must have written procedures for procurement transactions. Condition: The Authority did not have written procedures for cash management and allowable cost. Identification of How Likely Questioned Costs Were Computed: N/A Known Questioned Costs: None Context: N/A Cause/Effect: Although the Authority is aware that they were required to have written policies and procedures for the items noted above, they were using the grant agreement guidelines that provide grantees with guidance for ensuring the existing accounting and personnel policies and procedures include the necessary controls. These guidelines address the compliance areas required by the Uniform Guidance. Recommendation: We recommend the Authority adopt written policies and procedures over cash management and allowable costs required under the Uniform Guidance. View of Responsible Officials and Planned Corrective Action Plan: See attached corrective action plan.
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
Federal Program: Ryan White HIV/AIDS Program – Part B (ALN 93.917) Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our testing of the Ryan White Service Delivery program (grant period ending March 31, 2023), we noted that STDC initially submitted a final financial report to the Texas Department of State Health Services (DSHS) – Ryan White Division, reporting $491,993 in contractual expenditures and $69,458 in administrative expenditures. Subsequently, STDC submitted an additional reimbursement request via Form B-13, which included $162,433 in additional contractual costs and $12,153 in administrative costs. Upon review of the supporting documentation for this supplemental submission, we were unable to obtain sufficient appropriate evidence that the additional $12,153 in administrative expenditures were actually incurred. Despite the lack of adequate supporting documentation, the full amount was reimbursed by DSHS. Criteria: In accordance with 2 CFR §200.403(g), to be allowable under a federal award, costs must be adequately documented. Furthermore, §200.302(b)(3) requires recipients of federal funds to maintain records that identify adequately the source and application of funds, and §200.338(a) authorizes federal agencies to disallow costs that are not properly supported or allocable. Cause: STDC did not maintain contemporaneous or sufficient documentation to support administrative costs included in the post-period reimbursement request. Additionally, internal controls over the review and approval of financial reports and supplemental claims (e.g., Form B-13 submissions) were not operating effectively to prevent or detect the inclusion of unsupported expenditures. Effect: As a result, STDC received federal reimbursement for $12,153 in administrative costs without appropriate documentation, constituting noncompliance with federal cost principles. This condition may result in the disallowance of costs and repayment obligations to the funding agency. Recommendation: We recommend that STDC strengthen internal controls related to post-award financial reporting and reimbursement procedures by: • Ensuring that all costs claimed are supported by contemporaneous documentation clearly demonstrating that costs were incurred and allocable; • Establishing a formal review protocol for post-period adjustments, including documentation validation and supervisory sign-off; • Performing reconciliations of claimed expenditures before submission of final or supplemental reports to granting agencies; and • Consulting with DSHS to determine whether corrective action or repayment is necessary regarding the unsupported amount. Questioned Costs: $12,153
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
Federal Programs Affected: • 11.302 – Economic Development Administration (EDA) • 93.041 – Preventive Health and Health Services – Ombudsman • 93.043 – Prevention and Public Health – Evidence-Based Health Promotion (Title III-D) • 93.071 – Medicare Enrollment Assistance (MIPPA) • 93.324 – State Primary Care Offices (HICAP) • 93.499 – ACA – LIHWAP Cluster • 93.791 – Money Follows the Person – ADRC • 93.917 – HIV Care Formula Grants – Ryan White Service Delivery • 97.067 – Homeland Security Grant Program – SHSP Compliance Requirement: Allowable Costs/Cost Principles (2 CFR Part 200, Subpart E) Type of Finding: Compliance and Internal Control Deficiency Condition: During our review of administrative expenditures, we identified a utility payment to NRG Business that included sales tax, which is unallowable under federal cost principles for tax-exempt entities. Specifically, the utility invoice dated June 30, 2023, in the amount of $713.43 included $51.47 in sales tax. Although the vendor later issued a credit for the sales tax amount, the original charge—including the unallowable portion—was allocated to various federal grants through the administrative cost pool. It is not clear whether the vendor credit was properly reallocated to reverse the original federal charges. The table below summarizes the impacted programs and amounts: Federal Program ALN Check No. Amount Charged Economic Development Administration 11.302 #70335 $66.99 Preventive Health & Health Services – Ombudsman 93.041 #70076 $56.16 Evidence-Based Health – Title III-D 93.043 #70335 $66.99 Medicare Enrollment Assistance – MIPPA 93.071 #70583 $75.50 State Primary Care Offices – HICAP 93.324 #71046 $80.00 ACA – LIHWAP Cluster 93.499 #69835 $43.14 Money Follows the Person – ADRC 93.791 #70335 $66.99 HIV Care Formula Grants – Ryan White 93.917 #70460 $35.63 Homeland Security Grant Program – SHSP 97.067 #69835 $43.14 Criteria: In accordance with 2 CFR §200.403 and §200.405, costs charged to federal awards must be necessary, reasonable, allocable, and allowable under the cost principles. As a tax-exempt entity, sales taxes paid in error are considered unallowable unless excluded from reimbursement or properly credited. Additionally, per §200.302(b)(2), recipients must maintain effective control over and accountability for all funds and ensure proper allocation of costs. Cause: STDC’s internal controls did not identify the inclusion of sales tax in the vendor invoice prior to payment. Furthermore, no mechanism was in place to ensure that vendor credits—once received—were retroactively applied to reverse the original allocations made to federal grants. Effect: Although the vendor issued a credit for the unallowable sales tax, the original amount was temporarily charged to multiple federal programs. The lack of documented reallocation creates a risk that federal programs may have absorbed unallowable costs or that cost allocations remain inaccurate. Recommendation: We recommend that STDC: • Strengthen internal controls to ensure that invoices are reviewed for unallowable costs (such as sales tax) prior to payment and allocation; • Establish procedures to track vendor credits and ensure that corresponding cost reallocations are applied to the correct funding sources; • Enhance documentation and reconciliation processes to demonstrate that post-payment adjustments are handled properly; • Train fiscal and grant staff on exempt status implications and cost allowability under Uniform Guidance. Questioned Costs: None (vendor credit issued); however, audit adjustments or reallocations may be necessary to ensure grant charges are corrected.
S3800-010 Finding Reference Number – 2023-002 S3800-011 Title and CFDA Number of Federal Program – Section 232 Loan – Mortgage Insurance Nursing Homes, Intermediate Care Facilities, Board and Care Homes and Assisted Living Facilities Loan, ALN 14.129 S3800-015 Type of Finding – Federal Award Finding Other Matters S3800-016 Finding Resolution Status – In progress S3800-017 Information on Universe Population Size – 1,710 checks and bank transfers, all disbursements from bank accounts. S3800-018 Sample Size Information – Sample size was 49 disbursements. Errors were found on 2 out of the 49 disbursements tested. S3800-019 Identification of Repeat Finding and Finding Reference Number – N/A S3800-020 Criteria – Per 2 CFR sections 200.302 and 200.303 of the Uniform Guidance, an entity must establish and maintain effective internal control over the federal awards that provide reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations and terms and conditions of the federal award. Allowable cost controls of Cheney Care Community require general ledger account coding to be written on each invoice to be reviewed by the Executive Director before the invoice is processed to be paid. S3800-030 Statement of Condition – During our audit, we noted two invoices that did not include the general ledger account coding on the invoices, as required by Cheney Care Community’s allowable cost controls. The invoices were recorded to the proper general ledger accounts. S3800-032 Cause – Cheney Care Community did not follow their documented internal controls over financial reporting and allowable costs to ensure general ledger coding is included on each invoice for review and approval. S3800-033 Effect or Potential Effect – Failure to maintain effective internal controls over compliance with federal requirements increases the risk of unauthorized or unallowable transactions occurring. S3800-035 Auditor Non-Compliance Code – S (Internal Controls) S3800-037 FHA/Contract Number – 171-22029 S3800-038 Questioned Costs – $0 S3800-040 Questioned Costs – $0 S3800-045 Reporting Views of Responsible Officials – Cheney Care Community is in agreement with the findings, and the recommendations have been implemented. S3800-050 Context – A sample of 49 checks totaling $206,327 was selected for audit from a population of 1,710 checks totaling $11,294,298. The test found two checks that were not in compliance with Cheney Care Community’s allowable cost controls totaling $93. The invoices were recorded to the proper general ledger accounts. Our sample was a statistically valid sample. S3800-080 Recommendation – We recommend management of Cheney Care Community review their internal controls over the cash disbursement process with the necessary individuals involved in the process to ensure the implementation of general ledger account coding on cash disbursements is consistently performed going forward. S3800-090 Auditor’s Summary of Auditee Comments on the Findings and Recommendations – The Executive Director and A/P Clerk agreed upon using certain general ledger account codes consistently for similar purchases from the same vendor. In Cheney Care Community’s accounting system, these agreed upon general ledger account codes have been pre-set as a default for certain vendors. When invoices are received that should be appropriately coded to this default general ledger account code, errors of not documenting the general ledger account code on the invoice are periodically made. Cheney Care Community will consistently perform the general ledger account coding internal control procedures on invoices going forward. S3800-130 Response Indicator – Agree S3800-140 Completion Date – September 30, 2024 S3800-150 Response – Cheney Care Community will consistently perform the general ledger account coding internal control procedures on invoices going forward.
S3800-010 Finding Reference Number – 2023-002 S3800-011 Title and CFDA Number of Federal Program – Section 202 Supportive Housing for the Elderly, Capital Advance and Project Rental Assistance Contract, ALN 14.157 S3800-015 Type of Finding – Federal Award Finding; Other Matters S3800-016 Finding Resolution Status – In progress S3800-017 Information on Universe Population Size – 202 checks and bank transfers, all disbursements from bank accounts S3800-018 Sample Size Information – Sample size was 40 disbursements. Errors were found on 1 out of the 40 disbursements tested. S3800-019 Identification of Repeat Finding and Finding Reference Number – N/A S3800-020 Criteria – Per 2 CFR sections 200.302 and 200.303 of the Uniform Guidance, an entity must establish and maintain effective internal control over the federal awards that provide reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations and terms and conditions of the federal award. Allowable cost controls of Sessions Village 202 require general ledger account coding to be written on each invoice to be reviewed by the Executive Director before the invoice is processed to be paid. S3800-030 Statement of Condition – During our audit, we noted one invoice that did not include the general ledger account coding on the invoice, as required by Sessions Village 202’s allowable cost controls. The invoice was recorded to the proper general ledger account. S3800-032 Cause – Sessions Village 202 did not follow their documented internal controls over financial reporting and allowable costs to ensure general ledger coding is included on each invoice for review and approval. S3800-033 Effect or Potential Effect – Failure to maintain effective internal controls over compliance with federal requirements increases the risk of unauthorized or unallowable transactions occurring. S3800-035 Auditor Non-Compliance Code – S (Internal Controls) S3800-037 FHA/Contract Number – 171-EE015 S3800-038 Questioned Costs – $0 S3800-040 Questioned Costs – $0 S3800-045 Reporting Views of Responsible Officials – Sessions Village 202 is in agreement with the findings, and the recommendations have been implemented. S3800-050 Context – A sample of 40 checks totaling $41,900 was selected for audit from a population of 202 checks totaling $186,253. The test found one check that was not in compliance with Sessions Village 202’s allowable cost controls totaling $369. The invoice was recorded to the proper general ledger account. Our sample was a statistically valid sample. S3800-080 Recommendation – We recommend management of Sessions Village 202 review their internal controls over the cash disbursement process with the necessary individuals involved in the process to ensure the implementation of general ledger account coding on cash disbursements is consistently performed going forward. S3800-090 Auditor’s Summary of Auditee Comments on the Findings and Recommendations – The Executive Director and A/P Clerk agreed upon using certain general ledger account codes consistently for similar purchases from the same vendor. In Sessions Village 202’s accounting system, these agreed upon general ledger account codes have been pre-set as a default for certain vendors. When invoices are received that should be appropriately coded to this default general ledger account code, errors of not documenting the general ledger account code on the invoice are periodically made. Sessions Village 202 will consistently perform the general ledger account coding internal control procedures on invoices going forward. S3800-130 Response Indicator – Agree S3800-140 Completion Date – September 30, 2024 S3800-150 Response – Sessions Village 202 will consistently perform the general ledger account coding internal control procedures on invoices going forward.
S3800-010 Finding Reference Number – 2023-002 S3800-011 Title and CFDA Number of Federal Program – Section 202 Supportive Housing for the Elderly, Capital Advance and Project Rental Assistance Contract, ALN 14.157 S3800-015 Type of Finding – Federal Award Finding; Other Matters S3800-016 Finding Resolution Status – In progress S3800-017 Information on Universe Population Size – 202 checks and bank transfers, all disbursements from bank accounts S3800-018 Sample Size Information – Sample size was 40 disbursements. Errors were found on 1 out of the 40 disbursements tested. S3800-019 Identification of Repeat Finding and Finding Reference Number – N/A S3800-020 Criteria – Per 2 CFR sections 200.302 and 200.303 of the Uniform Guidance, an entity must establish and maintain effective internal control over the federal awards that provide reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations and terms and conditions of the federal award. Allowable cost controls of Sessions Village 202 require general ledger account coding to be written on each invoice to be reviewed by the Executive Director before the invoice is processed to be paid. S3800-030 Statement of Condition – During our audit, we noted one invoice that did not include the general ledger account coding on the invoice, as required by Sessions Village 202’s allowable cost controls. The invoice was recorded to the proper general ledger account. S3800-032 Cause – Sessions Village 202 did not follow their documented internal controls over financial reporting and allowable costs to ensure general ledger coding is included on each invoice for review and approval. S3800-033 Effect or Potential Effect – Failure to maintain effective internal controls over compliance with federal requirements increases the risk of unauthorized or unallowable transactions occurring. S3800-035 Auditor Non-Compliance Code – S (Internal Controls) S3800-037 FHA/Contract Number – 171-EE015 S3800-038 Questioned Costs – $0 S3800-040 Questioned Costs – $0 S3800-045 Reporting Views of Responsible Officials – Sessions Village 202 is in agreement with the findings, and the recommendations have been implemented. S3800-050 Context – A sample of 40 checks totaling $41,900 was selected for audit from a population of 202 checks totaling $186,253. The test found one check that was not in compliance with Sessions Village 202’s allowable cost controls totaling $369. The invoice was recorded to the proper general ledger account. Our sample was a statistically valid sample. S3800-080 Recommendation – We recommend management of Sessions Village 202 review their internal controls over the cash disbursement process with the necessary individuals involved in the process to ensure the implementation of general ledger account coding on cash disbursements is consistently performed going forward. S3800-090 Auditor’s Summary of Auditee Comments on the Findings and Recommendations – The Executive Director and A/P Clerk agreed upon using certain general ledger account codes consistently for similar purchases from the same vendor. In Sessions Village 202’s accounting system, these agreed upon general ledger account codes have been pre-set as a default for certain vendors. When invoices are received that should be appropriately coded to this default general ledger account code, errors of not documenting the general ledger account code on the invoice are periodically made. Sessions Village 202 will consistently perform the general ledger account coding internal control procedures on invoices going forward. S3800-130 Response Indicator – Agree S3800-140 Completion Date – September 30, 2024 S3800-150 Response – Sessions Village 202 will consistently perform the general ledger account coding internal control procedures on invoices going forward.
2023-005 Internal Controls over Grant Management (Significant Deficiency and Noncompliance) Criteria: 2 CFR 200.302 establishes the requirements of a financial management system adequate to ensure compliance with federal regulations. This system must include written procedures to implement requirements for payment methods and determine the allowability of costs in accordance with subpart E. Statement of Condition: The City has written fiscal policies but they do not meet the financial management system requirements established in the regulations. Cause: The City has processes and procedures in place to administer grant funds but written policies do not contain compliance requirements. Effect: The City is not in compliance with financial management system requirements. Recommendation: The City should develop a grants manual or additional written policies to incorporate all the requirements of 2 CFR 200 and ensure compliance. Views of Management and Planned Corrective Action: See Corrective Action Plan included at the end of the report.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.
Finding 2023‐001—Significant Deficiency in Internal Controls over Compliance: Research and Development Cluster Program—Research and Development Cluster (R&D) Criteria—Compliance with the financial management and internal control requirements outlined in Title 2 below, exhibited the following U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; Sections 200.302‐303 (“Section 200.302‐303”) is required for all federal awards. Section 200.302‐303 outlines the various requirements around documentation and internal controls. Condition and Context—Baystate Health’s internal controls over R&D allowable costs, special tests and provisions, and amounts reported on the schedule of expenditures of federal awards (SEFA) in accordance with Section 200.302‐303 were not appropriately designed and implemented, or operated, effectively. Specifically, during the 2023 audit, the following conditions were identified: In instances, controls, as described below, exhibited the following: o Certain roles and responsibilities within the Sponsored Programs Administration (SPA) were inadequately defined and not understood by control owners o inconsistent documentation evidencing review over R&D compliance requirements o lack of a central repository for documentation related to the performance of internal control procedures and compliance with grant requirements For five out of 40 National Institute of Health salary cap selections related to special tests and provisions, the monthly review of the summary report by grant activity was not adequately and consistently performed. The summary report is editable by end users and the review performed was not precise enough to identify formula errors in the calculations; or key personnel who were incorrectly excluded from the report. The review of indirect costs and fringe benefits on the SPA intake form was not precise enough to identify errors in a timely manner. The SPA form includes key grant data and is used in the initial setup of new grants to input indirect cost and fringe benefit rates in the general ledger system. For two out of 16 selections of indirect costs and fringe benefit amounts errors were not identified on a timely basis and were corrected in a subsequent period. The review and preparation of the SEFA for R&D grants was not timely and precise enough to ensure accuracy. This resulted in a lack of accuracy of grant award information presented on the SEFA; as well as the inclusion of grant expenses pertaining to prior fiscal periods on the current year’s SEFA since they were not identified timely in the prior years. Approximately $39 thousand in R&D expenditures related to prior fiscal years was included on the 2023 SEFA as they were not identified timely in prior fiscal years. These control deviations when considered in the aggregate are indicative of a significant deficiency in the design, implementation, and operating effectiveness of the internal controls. Questioned Costs—none Cause—Personnel responsible for internal controls over compliance related to R&D were not adequately aware of the documentation requirements of Section 200.302‐303. Additionally, the internal control framework is not clearly defined and relies heavily on manual control processes that are highly susceptible to human error. Reviews were not performed a precise enough level and on a timely basis. Effect—Failures in internal controls have the potential to result in instances of noncompliance with R&D grant requirements. Recommendation— The delay in completing the September 30, 2023, Uniform Guidance audit procedures as well as the deficiencies in internal controls identified during the audit related to R&D indicates that the controls over compliance for R&D should be assessed and, where necessary, corrective action needs to be taken to enable Baystate Health to produce appropriate supporting documentation on a timely basis and maintain appropriate internal controls over all compliance requirements. Specifically, we recommend that: The roles and responsibilities of the individuals involved in the SPA should be challenged to ensure that all critical functions are addressed; the distribution of responsibilities is appropriate; and positions include an element of cross‐training. The capabilities of the individuals and the level of resources should be assessed to make sure that they are consistent with the responsibilities assigned. Policies and procedures should be developed, documented and maintained/updated for all significant grant‐related activities. On‐going monitoring should take place to assure that such policies and procedures are executed accurately. Internal controls could be enhanced by standardizing best practices and providing ongoing training regarding federal requirements over compliance and documentation. A system should be implemented to maintain documentation related to internal controls and compliance requirements for federal grants in such a way that this documentation is easily accessible and clearly interpretated. The process for calculating and reviewing salary cap requirements should be revised to include a check that the reports reviewed as part of the control process are complete and accurate. Controls should be implemented consistently to facilitate a timely review of indirect cost and fringe benefit rates at the initial set‐up of the activity within the general ledger. A more thorough closing process should be performed to review information included on the SEFA and to record grant‐related expenses timely to minimize the risk of recognizing out‐of‐period expenses for SEFA reporting.