2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-031 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring. During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent). We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements. Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity. Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendation We recommend the Department: • Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements. • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-027 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance. We consider these internal control deficiencies to be a material weakness. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements. Department’s Response The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance. The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented. The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor. The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Suspension and Debarment Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent. The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment. We consider these internal control deficiencies to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-031 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring. During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent). We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements. Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity. Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendation We recommend the Department: • Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements. • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-027 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance. We consider these internal control deficiencies to be a material weakness. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements. Department’s Response The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance. The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented. The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor. The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Suspension and Debarment Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent. The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment. We consider these internal control deficiencies to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-031 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring. During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent). We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements. Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity. Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendation We recommend the Department: • Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements. • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-027 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance. We consider these internal control deficiencies to be a material weakness. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements. Department’s Response The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance. The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented. The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor. The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Suspension and Debarment Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent. The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment. We consider these internal control deficiencies to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-031 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring. During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent). We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements. Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity. Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendation We recommend the Department: • Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements. • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-027 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance. We consider these internal control deficiencies to be a material weakness. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements. Department’s Response The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance. The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented. The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor. The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Suspension and Debarment Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent. The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment. We consider these internal control deficiencies to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-031 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring. During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent). We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements. Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity. Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendation We recommend the Department: • Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements. • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-027 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance. We consider these internal control deficiencies to be a material weakness. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements. Department’s Response The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance. The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented. The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor. The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Suspension and Debarment Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent. The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment. We consider these internal control deficiencies to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-031 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring. During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent). We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements. Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity. Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendation We recommend the Department: • Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements. • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-027 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance. We consider these internal control deficiencies to be a material weakness. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements. Department’s Response The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance. The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented. The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor. The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Suspension and Debarment Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent. The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment. We consider these internal control deficiencies to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-031 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring. During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent). We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements. Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity. Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendation We recommend the Department: • Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements. • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-027 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance. We consider these internal control deficiencies to be a material weakness. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements. Department’s Response The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance. The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented. The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor. The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Suspension and Debarment Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent. The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment. We consider these internal control deficiencies to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-031 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring. During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent). We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements. Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity. Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendation We recommend the Department: • Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements. • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-027 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance. We consider these internal control deficiencies to be a material weakness. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements. Department’s Response The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance. The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented. The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor. The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Suspension and Debarment Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent. The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment. We consider these internal control deficiencies to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards. Recommendation We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-031 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce. The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF. During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring. During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent). We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements. Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity. Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendation We recommend the Department: • Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements. • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements. Department’s Response The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required. Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit. Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time. It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency. The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives. Auditor’s Remarks Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements. We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states: Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to: • Assess the overall soundness of the system of internal control. • Be aware of the existence of internal control weaknesses, if any. • Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary. While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period. Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $415,579,473 Prior Year Audit Finding: Yes, Finding 2023-058 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers. There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly. In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures. The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles. By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer. We consider these internal control deficiencies to be a material weakness that led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition and Questioned Costs By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers. The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars. Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment. 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. 45 CFR Part 75, section 403, Factors Affecting Allowability of Costs. 45 CFR Part 75, section 410, Collection of Unallowable Costs 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Matching, Level of Effort, Earmarking Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-060 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities. The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037. Description of Condition The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs. The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing. Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements. By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Develop effective ongoing monitoring procedures Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-061 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate: • Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award • Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated. • Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes. The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041. Description of Condition The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program. Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Develop written policies and procedures over federal period of performance requirements Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.60 – Availability of funds, states in part: (d) The following obligation and liquidation provisions apply to States and Territories: (1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year. (2) (i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended. (ii)Mandatory Funds for States that do not request Matching Funds are available until expended. (4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-062 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report. The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038. Description of Condition The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program. The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement. In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report. Recommendation We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules. Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $415,579,473 Prior Year Audit Finding: Yes, Finding 2023-058 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers. There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly. In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures. The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles. By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer. We consider these internal control deficiencies to be a material weakness that led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition and Questioned Costs By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers. The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars. Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment. 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. 45 CFR Part 75, section 403, Factors Affecting Allowability of Costs. 45 CFR Part 75, section 410, Collection of Unallowable Costs 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Matching, Level of Effort, Earmarking Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-060 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities. The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037. Description of Condition The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs. The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing. Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements. By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Develop effective ongoing monitoring procedures Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-061 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate: • Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award • Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated. • Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes. The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041. Description of Condition The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program. Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Develop written policies and procedures over federal period of performance requirements Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.60 – Availability of funds, states in part: (d) The following obligation and liquidation provisions apply to States and Territories: (1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year. (2) (i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended. (ii)Mandatory Funds for States that do not request Matching Funds are available until expended. (4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-062 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report. The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038. Description of Condition The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program. The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement. In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report. Recommendation We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules. Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $415,579,473 Prior Year Audit Finding: Yes, Finding 2023-058 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers. There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly. In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures. The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles. By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer. We consider these internal control deficiencies to be a material weakness that led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition and Questioned Costs By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers. The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars. Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment. 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. 45 CFR Part 75, section 403, Factors Affecting Allowability of Costs. 45 CFR Part 75, section 410, Collection of Unallowable Costs 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Matching, Level of Effort, Earmarking Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-060 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities. The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037. Description of Condition The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs. The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing. Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements. By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Develop effective ongoing monitoring procedures Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-061 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate: • Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award • Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated. • Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes. The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041. Description of Condition The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program. Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Develop written policies and procedures over federal period of performance requirements Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.60 – Availability of funds, states in part: (d) The following obligation and liquidation provisions apply to States and Territories: (1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year. (2) (i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended. (ii)Mandatory Funds for States that do not request Matching Funds are available until expended. (4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-062 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report. The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038. Description of Condition The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program. The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement. In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report. Recommendation We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules. Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $415,579,473 Prior Year Audit Finding: Yes, Finding 2023-058 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers. There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly. In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures. The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles. By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer. We consider these internal control deficiencies to be a material weakness that led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition and Questioned Costs By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers. The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars. Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment. 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. 45 CFR Part 75, section 403, Factors Affecting Allowability of Costs. 45 CFR Part 75, section 410, Collection of Unallowable Costs 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Matching, Level of Effort, Earmarking Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-060 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities. The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037. Description of Condition The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs. The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing. Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements. By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Develop effective ongoing monitoring procedures Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-061 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate: • Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award • Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated. • Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes. The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041. Description of Condition The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program. Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Develop written policies and procedures over federal period of performance requirements Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.60 – Availability of funds, states in part: (d) The following obligation and liquidation provisions apply to States and Territories: (1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year. (2) (i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended. (ii)Mandatory Funds for States that do not request Matching Funds are available until expended. (4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-062 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report. The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038. Description of Condition The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program. The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement. In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report. Recommendation We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules. Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $415,579,473 Prior Year Audit Finding: Yes, Finding 2023-058 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers. There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly. In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures. The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles. By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer. We consider these internal control deficiencies to be a material weakness that led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition and Questioned Costs By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers. The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars. Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment. 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. 45 CFR Part 75, section 403, Factors Affecting Allowability of Costs. 45 CFR Part 75, section 410, Collection of Unallowable Costs 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Matching, Level of Effort, Earmarking Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-060 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities. The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037. Description of Condition The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs. The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing. Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements. By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Develop effective ongoing monitoring procedures Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-061 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate: • Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award • Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated. • Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes. The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041. Description of Condition The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program. Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Develop written policies and procedures over federal period of performance requirements Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.60 – Availability of funds, states in part: (d) The following obligation and liquidation provisions apply to States and Territories: (1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year. (2) (i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended. (ii)Mandatory Funds for States that do not request Matching Funds are available until expended. (4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-062 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report. The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038. Description of Condition The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program. The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement. In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report. Recommendation We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules. Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $415,579,473 Prior Year Audit Finding: Yes, Finding 2023-058 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers. There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly. In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures. The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles. By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer. We consider these internal control deficiencies to be a material weakness that led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition and Questioned Costs By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers. The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars. Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment. 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. 45 CFR Part 75, section 403, Factors Affecting Allowability of Costs. 45 CFR Part 75, section 410, Collection of Unallowable Costs 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Matching, Level of Effort, Earmarking Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-060 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities. The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037. Description of Condition The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs. The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing. Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements. By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Develop effective ongoing monitoring procedures Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Period of Performance Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-061 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval. The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate: • Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award • Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated. • Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes. The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041. Description of Condition The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program. Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement. The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds. Recommendations We recommend the Department: • Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules • Develop written policies and procedures over federal period of performance requirements Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.60 – Availability of funds, states in part: (d) The following obligation and liquidation provisions apply to States and Territories: (1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year. (2) (i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended. (ii)Mandatory Funds for States that do not request Matching Funds are available until expended. (4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster. Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant 93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Reporting Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2023-062 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding. The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report. The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038. Description of Condition The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program. The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement. In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant. Effect of Condition By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report. Recommendation We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules. Department’s Response The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended, “that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified: “Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024” Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs. Auditor’s Remarks The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67. We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well. Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report. In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states: “The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.” “The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable. We reaffirm our finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR, Section 98.67 – Fiscal requirements, states: (a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds. (b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds. (c) Fiscal control and accounting procedures shall be sufficient to permit: (1) Preparation of reports required by the Secretary under this subpart and under subpart H; and (2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Condition: During our audit of the Temporary Assistance for Needy Families (TANF) program, it was noted that the organization did not maintain adequate supporting documentation for determining client eligibility. In several client case files reviewed, critical documents relating to legal residency in the United States of America were missing or incomplete. Criteria: In accordance with TANF program requirements and 2 CFR § 200.303 (internal controls), recipients must maintain sufficient records to support eligibility determinations. Adequate supporting documentation is essential to ensure compliance with federal guidelines and to prevent improper payments. Cause: The organization’s internal controls over eligibility documentation and file retention were not consistently followed or were inadequately designed. Effect: Failure to maintain adequate eligibility documentation increases the risk of providing benefits to ineligible individuals, leading to noncompliance and potential questioned costs. It also hinders the ability to demonstrate compliance during audits or monitoring reviews. Questioned Costs None specifically identified during testing; however, the lack of documentation presents a risk for potential future questioned costs. Recommendation We recommend the organization update their intake forms to incorporate all required eligibility criteria for the TANF program. Management’s Response See corrective action plan.