Federal Agency: U.S. Department of Transportation Federal Program Name: Formula Grants for Rural Areas and Tribal Transit Program Assistance Listing Number: 20.509 Federal Award Identification Number and Year: 2024; FAIN not available. Pass-Through Agency: State of Vermont Agency of Transportation and Tribal Transit Program Pass-Through Number(s): EA#COVIDFTA-934 EA#FT202201-704 EA#FT24FLEX-454 EA#CRRSAA22-934 EA#FT23FLEX-064 EA#FT24FLEX-554 EA#FT201806-454 EA#FT23FLEX-454 EA#FT24FLEX-854 EA#FT201806-554 EA#FT23FLEX-554 EA#FT24FLEX-954 EA#FT201806-954 EA#FT23FLEX-954 EA#FT24FORM-454 EA#FT201903-704 EA#FT23FORM-064 EA#FT24FORM-924 EA#FT202104-704 EA#FT23FORM-934 EA#FT24FORM-934 EA#FT202104-954 EA#FT24FLEX-064 Award Period: July 1, 2023 through June 30, 2024 Compliance Requirement: Allowable Costs / Cost Principles Type of Finding: Significant deficiency in internal control over compliance and other matter Criteria or specific requirement: The United States Code of Federal Regulations (CFR) Title 2 Part 200.430 indicates charges to federal awards for salaries and wages must be based on records that accurately reflect the work performed. Such records should support the distribution of the employee’s salary or wages among specific activities or cost objectives if the employee works on a federal award and a non-federal award. Additionally, 2 CFR 200.303 indicates that non-Federal entities receiving Federal awards must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition: We noted that for a sample of payroll disbursements, the distribution of the employees’ salaries among activities and cost objectives was not supported by the underling records used to calculate said distribution. Questioned costs: None above the reportable threshold. Context: Seven (7) of forty payroll transactions were selected for testing in our statistically valid sample. Federal Agency: U.S. Department of Transportation Federal Program Name: Formula Grants for Rural Areas and Tribal Transit Program Assistance Listing Number: 20.509 Federal Award Identification Number and Year: 2024; FAIN not available. Pass-Through Agency: State of Vermont Agency of Transportation and Tribal Transit Program Pass-Through Number(s): EA#COVIDFTA-934 EA#FT202201-704 EA#FT24FLEX-454 EA#CRRSAA22-934 EA#FT23FLEX-064 EA#FT24FLEX-554 EA#FT201806-454 EA#FT23FLEX-454 EA#FT24FLEX-854 EA#FT201806-554 EA#FT23FLEX-554 EA#FT24FLEX-954 EA#FT201806-954 EA#FT23FLEX-954 EA#FT24FORM-454 EA#FT201903-704 EA#FT23FORM-064 EA#FT24FORM-924 EA#FT202104-704 EA#FT23FORM-934 EA#FT24FORM-934 EA#FT202104-954 EA#FT24FLEX-064 Award Period: July 1, 2023 through June 30, 2024 Compliance Requirement: Allowable Costs / Cost Principles Type of Finding: Significant deficiency in internal control over compliance and other matter Criteria or specific requirement: The United States Code of Federal Regulations (CFR) Title 2 Part 200.430 indicates charges to federal awards for salaries and wages must be based on records that accurately reflect the work performed. Such records should support the distribution of the employee’s salary or wages among specific activities or cost objectives if the employee works on a federal award and a non-federal award. Additionally, 2 CFR 200.303 indicates that non-Federal entities receiving Federal awards must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition: We noted that for a sample of payroll disbursements, the distribution of the employees’ salaries among activities and cost objectives was not supported by the underling records used to calculate said distribution. Questioned costs: None above the reportable threshold. Context: Seven (7) of forty payroll transactions were selected for testing in our statistically valid sample. Cause: The procedures implemented to calculate and allocate the distribution of payroll charges to cost objectives did not prevent certain distributions which did not agree to the underlying records. Effect: Unallowable costs were charged to the program. Repeat Finding: No. Recommendation: We recommend management enhance procedures and controls to ensure that the distribution of payroll costs charged to the grant are verified against the underlying records supporting the distribution allocation. Views of responsible officials: Management agrees with the finding.
Federal Agency: U.S. Department of Transportation Federal Program Name: Formula Grants for Rural Areas and Tribal Transit Program Assistance Listing Number: 20.509 Federal Award Identification Number and Year: 2024; FAIN not available. Pass-Through Agency: State of Vermont Agency of Transportation Pass-Through Number(s): EA#COVIDFTA-934 EA#FT202201-704 EA#FT24FLEX-454 EA#CRRSAA22-934 EA#FT23FLEX-064 EA#FT24FLEX-554 EA#FT201806-454 EA#FT23FLEX-454 EA#FT24FLEX-854 EA#FT201806-554 EA#FT23FLEX-554 EA#FT24FLEX-954 EA#FT201806-954 EA#FT23FLEX-954 EA#FT24FORM-454 EA#FT201903-704 EA#FT23FORM-064 EA#FT24FORM-924 EA#FT202104-704 EA#FT23FORM-934 EA#FT24FORM-934 EA#FT202104-954 EA#FT24FLEX-064 Award Period: July 1, 2023 through June 30, 2024 Compliance Requirement: Procurement, Suspension and Debarment Type of Finding: Material weakness in internal control over compliance and material noncompliance (modified opinion) Criteria or specific requirement: The United States Code of Federal Regulations (CFR) Title 2, Part 200.319 indicates procurement transactions under the Federal award must be conducted in a manner that provides full and open competition. Additionally, 2 CFR Part 200.320 indicates that for any allowable method chosen, the recipient or subrecipient must maintain and use documented procurement procedures, consistent with the requirements of 2 CFR Part 200, Subpart D. When a non-federal entity enters into a covered transaction with an entity at a lower tier, the nonfederal entity must verify that the entity, as defined in 2 CFR Part 180.995 and agency adopting regulations, is not suspended or debarred or otherwise excluded from participating in the transaction. This verification may be accomplished by (1) checking the System for Award Management (SAM) exclusions maintained by the General Services Administration (GSA), (2) collecting a certification from the entity, or (3) adding a clause or condition to the covered transaction with that entity (2 CFR Part 180.300). 2 CFR Part 200.303 indicates that non-Federal entities receiving Federal awards must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition: For a sample of five (5) procurement transactions above the micro-purchase threshold, documentation was not maintained to support the procurement, suspension and debarment procedures performed in order to demonstrate compliance with 2 CFR Part 180 and 2 CFR Part 200. Questioned costs: Unknown. Context: Five of five transactions selected for testing in our sample. Cause: Procedures were not designed or implemented to maintain documentation to support compliance with the standards of procurement, suspension and debarment contained in 2 CFR Part 180 and 2 CFR Part 200. Effect: Compliance with the requirements of the federal award could not be demonstrated. Additionally, the lack of internal controls presents additional risk of noncompliance in circumstances where federal expenditures are made to ineligible entities. Repeat Finding: No. Recommendation: We recommend management enhance procedures and controls to ensure documentation is maintained to support all procurements and suspension and debarment verifications related to expenditures from federal award programs. Justification for noncompetitive procurements (i.e., sole source, public exigency, or consent of the awarding agency), should also be documented. Such documentation should be consolidated and maintained in a secure, accessible location. Views of responsible officials: Management agrees with the finding.
2024-006—Graham Leach Bliley Act – Student Information Security U.S. Department of Education Student Financial Assistance Programs Cluster (Direct) Federal Work Study Program (84.003) Federal Pell Grant Program (84.063) Federal Perkins Loan Program (84.038) Federal Supplemental Educational Opportunity Grants (84.007) Federal Direct Loan Program (84.268) Federal Award Year: 2023-2024 Repeat Finding: No Criteria The Code of Federal Regulations (2 CFR 200.303(a)) requires that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in Standards for Internal Control in the Federal Government issued by the Comptroller General of the United States or the Internal Control Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission. The Program Participation Agreement (PPA) with the U.S. Department of Education requires the institution to comply with the Standards for Safeguarding Customer Information as described in 16 CFR Part 314 which includes the development of a comprehensive written security program that includes the following parts: • 16 CFR 314.4(a) requires institutions to designate a qualified individual responsible for overseeing and implementing the institution’s information security program and enforcing the information security program. • 16 CFR 314.4(b) requires institutions to provide for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks. • 16 CFR 314.4(c) requires institutions to provide for the design and implementation of safeguards to control the risks the institution provides through its risk assessment • 16 CFR 314.4(d) requires institutions to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented. • 16 CFR 314.4(e) requires institutions to develop policies and procedures to ensure that personnel are able to enact the information security program. • 16 CFR 314.4(f) requires institutions to develop policies and procedures to oversee its information system service providers. Condition The College’s written information security program did not include the following elements required by regulation as agreed to in the PPA: • The College has performed a risk assessment utilizing internal resources but has not based the information security program on the results of this assessment, nor has the College included all required elements of internal and external risks to the security, confidentiality or integrity of customer information. The College’s risk assessment is missing an inventory of IT systems that process and store customer information and the compliance with information security elements related to multifactor authentication, access control, change management, logging and alerting and encryption. • The College has not identified, designed or implemented safeguards for all of the risks identified in the risk assessment. The safeguards do not include the identification of security events or detection and response capabilities to support incident response. • The College has not been able to test safeguards because safeguards have not been designed or implemented in response to the risk assessment. • The College has not developed written policies and procedures to ensure that personnel are able to enact the information security program. There is a lack of evidence of leadership being required to report to the board or an appropriate supervisory council to ensure those charged with governance are informed on the current state of the information security program. • The College has not developed policies and procedures to oversee information service providers Cause The College’s information security policy did not include all of the required elements, in line with the Gramm-Leach-Bliley Act. Effect Noncompliance with federal regulations could result in the loss of future federal funding. Questioned costs There were no questioned costs with respect to this finding. Context Under a College’s PPA with the U.S. Department of Education, institutions must protect student financial aid information, with particular attention to information provided to institutions by the U.S. Department of Education or otherwise obtained in support of the administration of federal student financial aid programs Recommendation We recommend the College complete these requirements, in order to be compliance with the Gramm-Leach-Bliley Act. Views of responsible officials Management agrees with this finding. See corrective action plan.
2024-006—Graham Leach Bliley Act – Student Information Security U.S. Department of Education Student Financial Assistance Programs Cluster (Direct) Federal Work Study Program (84.003) Federal Pell Grant Program (84.063) Federal Perkins Loan Program (84.038) Federal Supplemental Educational Opportunity Grants (84.007) Federal Direct Loan Program (84.268) Federal Award Year: 2023-2024 Repeat Finding: No Criteria The Code of Federal Regulations (2 CFR 200.303(a)) requires that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in Standards for Internal Control in the Federal Government issued by the Comptroller General of the United States or the Internal Control Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission. The Program Participation Agreement (PPA) with the U.S. Department of Education requires the institution to comply with the Standards for Safeguarding Customer Information as described in 16 CFR Part 314 which includes the development of a comprehensive written security program that includes the following parts: • 16 CFR 314.4(a) requires institutions to designate a qualified individual responsible for overseeing and implementing the institution’s information security program and enforcing the information security program. • 16 CFR 314.4(b) requires institutions to provide for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks. • 16 CFR 314.4(c) requires institutions to provide for the design and implementation of safeguards to control the risks the institution provides through its risk assessment • 16 CFR 314.4(d) requires institutions to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented. • 16 CFR 314.4(e) requires institutions to develop policies and procedures to ensure that personnel are able to enact the information security program. • 16 CFR 314.4(f) requires institutions to develop policies and procedures to oversee its information system service providers. Condition The College’s written information security program did not include the following elements required by regulation as agreed to in the PPA: • The College has performed a risk assessment utilizing internal resources but has not based the information security program on the results of this assessment, nor has the College included all required elements of internal and external risks to the security, confidentiality or integrity of customer information. The College’s risk assessment is missing an inventory of IT systems that process and store customer information and the compliance with information security elements related to multifactor authentication, access control, change management, logging and alerting and encryption. • The College has not identified, designed or implemented safeguards for all of the risks identified in the risk assessment. The safeguards do not include the identification of security events or detection and response capabilities to support incident response. • The College has not been able to test safeguards because safeguards have not been designed or implemented in response to the risk assessment. • The College has not developed written policies and procedures to ensure that personnel are able to enact the information security program. There is a lack of evidence of leadership being required to report to the board or an appropriate supervisory council to ensure those charged with governance are informed on the current state of the information security program. • The College has not developed policies and procedures to oversee information service providers Cause The College’s information security policy did not include all of the required elements, in line with the Gramm-Leach-Bliley Act. Effect Noncompliance with federal regulations could result in the loss of future federal funding. Questioned costs There were no questioned costs with respect to this finding. Context Under a College’s PPA with the U.S. Department of Education, institutions must protect student financial aid information, with particular attention to information provided to institutions by the U.S. Department of Education or otherwise obtained in support of the administration of federal student financial aid programs Recommendation We recommend the College complete these requirements, in order to be compliance with the Gramm-Leach-Bliley Act. Views of responsible officials Management agrees with this finding. See corrective action plan.
2024-006—Graham Leach Bliley Act – Student Information Security U.S. Department of Education Student Financial Assistance Programs Cluster (Direct) Federal Work Study Program (84.003) Federal Pell Grant Program (84.063) Federal Perkins Loan Program (84.038) Federal Supplemental Educational Opportunity Grants (84.007) Federal Direct Loan Program (84.268) Federal Award Year: 2023-2024 Repeat Finding: No Criteria The Code of Federal Regulations (2 CFR 200.303(a)) requires that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in Standards for Internal Control in the Federal Government issued by the Comptroller General of the United States or the Internal Control Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission. The Program Participation Agreement (PPA) with the U.S. Department of Education requires the institution to comply with the Standards for Safeguarding Customer Information as described in 16 CFR Part 314 which includes the development of a comprehensive written security program that includes the following parts: • 16 CFR 314.4(a) requires institutions to designate a qualified individual responsible for overseeing and implementing the institution’s information security program and enforcing the information security program. • 16 CFR 314.4(b) requires institutions to provide for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks. • 16 CFR 314.4(c) requires institutions to provide for the design and implementation of safeguards to control the risks the institution provides through its risk assessment • 16 CFR 314.4(d) requires institutions to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented. • 16 CFR 314.4(e) requires institutions to develop policies and procedures to ensure that personnel are able to enact the information security program. • 16 CFR 314.4(f) requires institutions to develop policies and procedures to oversee its information system service providers. Condition The College’s written information security program did not include the following elements required by regulation as agreed to in the PPA: • The College has performed a risk assessment utilizing internal resources but has not based the information security program on the results of this assessment, nor has the College included all required elements of internal and external risks to the security, confidentiality or integrity of customer information. The College’s risk assessment is missing an inventory of IT systems that process and store customer information and the compliance with information security elements related to multifactor authentication, access control, change management, logging and alerting and encryption. • The College has not identified, designed or implemented safeguards for all of the risks identified in the risk assessment. The safeguards do not include the identification of security events or detection and response capabilities to support incident response. • The College has not been able to test safeguards because safeguards have not been designed or implemented in response to the risk assessment. • The College has not developed written policies and procedures to ensure that personnel are able to enact the information security program. There is a lack of evidence of leadership being required to report to the board or an appropriate supervisory council to ensure those charged with governance are informed on the current state of the information security program. • The College has not developed policies and procedures to oversee information service providers Cause The College’s information security policy did not include all of the required elements, in line with the Gramm-Leach-Bliley Act. Effect Noncompliance with federal regulations could result in the loss of future federal funding. Questioned costs There were no questioned costs with respect to this finding. Context Under a College’s PPA with the U.S. Department of Education, institutions must protect student financial aid information, with particular attention to information provided to institutions by the U.S. Department of Education or otherwise obtained in support of the administration of federal student financial aid programs Recommendation We recommend the College complete these requirements, in order to be compliance with the Gramm-Leach-Bliley Act. Views of responsible officials Management agrees with this finding. See corrective action plan.
2024-006—Graham Leach Bliley Act – Student Information Security U.S. Department of Education Student Financial Assistance Programs Cluster (Direct) Federal Work Study Program (84.003) Federal Pell Grant Program (84.063) Federal Perkins Loan Program (84.038) Federal Supplemental Educational Opportunity Grants (84.007) Federal Direct Loan Program (84.268) Federal Award Year: 2023-2024 Repeat Finding: No Criteria The Code of Federal Regulations (2 CFR 200.303(a)) requires that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in Standards for Internal Control in the Federal Government issued by the Comptroller General of the United States or the Internal Control Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission. The Program Participation Agreement (PPA) with the U.S. Department of Education requires the institution to comply with the Standards for Safeguarding Customer Information as described in 16 CFR Part 314 which includes the development of a comprehensive written security program that includes the following parts: • 16 CFR 314.4(a) requires institutions to designate a qualified individual responsible for overseeing and implementing the institution’s information security program and enforcing the information security program. • 16 CFR 314.4(b) requires institutions to provide for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks. • 16 CFR 314.4(c) requires institutions to provide for the design and implementation of safeguards to control the risks the institution provides through its risk assessment • 16 CFR 314.4(d) requires institutions to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented. • 16 CFR 314.4(e) requires institutions to develop policies and procedures to ensure that personnel are able to enact the information security program. • 16 CFR 314.4(f) requires institutions to develop policies and procedures to oversee its information system service providers. Condition The College’s written information security program did not include the following elements required by regulation as agreed to in the PPA: • The College has performed a risk assessment utilizing internal resources but has not based the information security program on the results of this assessment, nor has the College included all required elements of internal and external risks to the security, confidentiality or integrity of customer information. The College’s risk assessment is missing an inventory of IT systems that process and store customer information and the compliance with information security elements related to multifactor authentication, access control, change management, logging and alerting and encryption. • The College has not identified, designed or implemented safeguards for all of the risks identified in the risk assessment. The safeguards do not include the identification of security events or detection and response capabilities to support incident response. • The College has not been able to test safeguards because safeguards have not been designed or implemented in response to the risk assessment. • The College has not developed written policies and procedures to ensure that personnel are able to enact the information security program. There is a lack of evidence of leadership being required to report to the board or an appropriate supervisory council to ensure those charged with governance are informed on the current state of the information security program. • The College has not developed policies and procedures to oversee information service providers Cause The College’s information security policy did not include all of the required elements, in line with the Gramm-Leach-Bliley Act. Effect Noncompliance with federal regulations could result in the loss of future federal funding. Questioned costs There were no questioned costs with respect to this finding. Context Under a College’s PPA with the U.S. Department of Education, institutions must protect student financial aid information, with particular attention to information provided to institutions by the U.S. Department of Education or otherwise obtained in support of the administration of federal student financial aid programs Recommendation We recommend the College complete these requirements, in order to be compliance with the Gramm-Leach-Bliley Act. Views of responsible officials Management agrees with this finding. See corrective action plan.
2024-003—Error in Reporting for National Student Loan Data System (NSLDS) U.S. Department of Education Student Financial Assistance Programs Cluster (Direct) Federal Direct Loan Program (84.268) Federal Award Year: 2023-2024 Repeat Finding: No Criteria The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. According to the NSLDS Enrollment Reporting Guide, a student’s Program-Level enrollment status should be reported with the same enrollment status as that student’s campus-level enrollment status for all programs the student is enrolled in at that location, even if the student is not currently taking coursework that applies to a particular program. If the student has withdrawn or graduated from an academic program, a “terminal enrollment status” of ‘W’ or ‘G,’ as appropriate, should be reported for that program, even if the student is still taking coursework applicable to other programs in which the student is enrolled. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure enrollment reporting is completed properly. Condition: The College did not properly report the student enrollment change for students who received federal student aid to the NSLDS. The College did not timely report three students’ Program-Level or Campus-Level enrollment status change to NSLDS. Out of the 11 students tested, we noted 3 students (28%) whose status change at the Program-Level and Campus-Level was not timely reported to NSLDS. The College did not have formally documented controls related to the process of enrollment reporting, which is required under Uniform Grant Guidance. Cause An additional submission to the NSLDS was required for the students who withdrew during the term to meet the reporting requirements that did not occur. The College noted that changes related to mid-term withdrawals are not completed until the end of the term, which is outside the allowable window of reporting noted above. Effect Noncompliance with federal regulations could result in the loss of future federal funding. Context We tested 11 students who received federal student aid with enrollment changes. For each student tested, management provided documentation from NSLDS showing when the student’s status changed, and when it was reported. Out of the 11 students tested, we noted 3 students (28%) whose status change at the Program-Level and Campus-Level was not timely reported to NSLDS. Questioned costs There were no questioned costs with respect to this finding. Recommendation We recommend the College review current processes and implement updated processes and controls for reporting to NSLDS, implementing procedures to ensure submissions are reported timely and accurately. Views of responsible officials Management agrees with this finding. See corrective action plan.
2024-006—Graham Leach Bliley Act – Student Information Security U.S. Department of Education Student Financial Assistance Programs Cluster (Direct) Federal Work Study Program (84.003) Federal Pell Grant Program (84.063) Federal Perkins Loan Program (84.038) Federal Supplemental Educational Opportunity Grants (84.007) Federal Direct Loan Program (84.268) Federal Award Year: 2023-2024 Repeat Finding: No Criteria The Code of Federal Regulations (2 CFR 200.303(a)) requires that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in Standards for Internal Control in the Federal Government issued by the Comptroller General of the United States or the Internal Control Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission. The Program Participation Agreement (PPA) with the U.S. Department of Education requires the institution to comply with the Standards for Safeguarding Customer Information as described in 16 CFR Part 314 which includes the development of a comprehensive written security program that includes the following parts: • 16 CFR 314.4(a) requires institutions to designate a qualified individual responsible for overseeing and implementing the institution’s information security program and enforcing the information security program. • 16 CFR 314.4(b) requires institutions to provide for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks. • 16 CFR 314.4(c) requires institutions to provide for the design and implementation of safeguards to control the risks the institution provides through its risk assessment • 16 CFR 314.4(d) requires institutions to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented. • 16 CFR 314.4(e) requires institutions to develop policies and procedures to ensure that personnel are able to enact the information security program. • 16 CFR 314.4(f) requires institutions to develop policies and procedures to oversee its information system service providers. Condition The College’s written information security program did not include the following elements required by regulation as agreed to in the PPA: • The College has performed a risk assessment utilizing internal resources but has not based the information security program on the results of this assessment, nor has the College included all required elements of internal and external risks to the security, confidentiality or integrity of customer information. The College’s risk assessment is missing an inventory of IT systems that process and store customer information and the compliance with information security elements related to multifactor authentication, access control, change management, logging and alerting and encryption. • The College has not identified, designed or implemented safeguards for all of the risks identified in the risk assessment. The safeguards do not include the identification of security events or detection and response capabilities to support incident response. • The College has not been able to test safeguards because safeguards have not been designed or implemented in response to the risk assessment. • The College has not developed written policies and procedures to ensure that personnel are able to enact the information security program. There is a lack of evidence of leadership being required to report to the board or an appropriate supervisory council to ensure those charged with governance are informed on the current state of the information security program. • The College has not developed policies and procedures to oversee information service providers Cause The College’s information security policy did not include all of the required elements, in line with the Gramm-Leach-Bliley Act. Effect Noncompliance with federal regulations could result in the loss of future federal funding. Questioned costs There were no questioned costs with respect to this finding. Context Under a College’s PPA with the U.S. Department of Education, institutions must protect student financial aid information, with particular attention to information provided to institutions by the U.S. Department of Education or otherwise obtained in support of the administration of federal student financial aid programs Recommendation We recommend the College complete these requirements, in order to be compliance with the Gramm-Leach-Bliley Act. Views of responsible officials Management agrees with this finding. See corrective action plan.
Program: Special Supplemental Nutrition Program for Women, Infants, and Children (WIC) Assistance Listing No.: 10.557 Federal Grantor: U.S. Department of Agriculture Passed-through: California Department of Public Health Award No.: 22-10307 Award Year: 2024 Compliance Requirement: Procurement and Suspension and Debarment Type of Finding: Material Weakness in Internal Control over Compliance and Material Non-Compliance Criteria: 2 CFR section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Title 2 CFR Section 200.214 of the Uniform Guidance states that the County must comply with 2 CFR part 180, which implements Executive Orders 12549 and 12689. The regulations in 2 CFR part 180 restrict awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from or ineligible for participation in Federal assistance programs or activities. Per 2 CFR Section 180.300, when a non-Federal entity enters into a covered transaction with an entity at a lower tier, the non-Federal entity must verify that the entity, as defined in 2 CFR section 180.995 and agency adopting regulations, is not suspended or debarred or otherwise excluded from participating in the transaction. This verification may be accomplished by (1) checking the System for Award Management (SAM) Exclusions maintained by the General Services Administration (GSA) and available at https://www.sam.gov/SAM/, (2) collecting a certification from the entity, or (3) adding a clause or condition to the covered transaction with that entity. 2 CFR 200.318(i) Procurement records. The recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. 2 CFR 200.327 Contract provisions. The recipient's or subrecipient's contracts must contain the applicable provisions described in Appendix II to Part 200—Contract Provisions for Non-Federal Entity Contracts Under Federal Awards. Condition: During our testing of the County’s provisions for procurement requirements, we noted the following: 1. For two (2) out of two (2) contracts selected for testing there was no evidence that the County verified the entity was not suspended or debarred or otherwise excluded from participating in the transaction, prior to entering the contract. 2. For two (2) out of two (2) contracts selected for testing, the County did not include all applicable provisions described in 2 CFR 200 Appendix II. 3. For one (1) out of two (2) contracts selected for testing with a contract value of $600,000, the County could not provide documentation of the history of the procurement, including the rationale for the method of procurement, selection of contract type, basis for contractor selection, and the basis for the contract price. Cause: The County did not follow their policy to verify the information described in the condition prior to entering the transactions. The County did not follow their policy documenting the history of the procurement, including the rationale for the method of procurement, selection of contract type, basis for contractor selection, and the basis for the contract price. The County’s policy does not include the requirement to include all applicable provisions identified in 2 CFR 200 Appendix II in its contracts. Effect: Failure to implement and maintain a proper control process could result in payments to vendors that are suspended or debarred or improper awarding of contracts under the procurement guidance. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of two (2) out of twelve (12) procurement contracts were tested. This represented a total of $2,285,000 in contracted services under the grant. Repeat Finding from Prior Years: No. Recommendation: We recommend the County strengthen its policies and procedures to ensure that the verification of the debarment and suspension is documented and retained, the history of procurement transactions is documented and retained in its official records, and that contracts include all applicable provisions of 2 CFR 200 Appendix II. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Special Supplemental Nutrition Program for Women, Infants, and Children (WIC) Assistance Listing No.: 10.557 Federal Grantor: U.S. Department of Agriculture Passed-through: California Department of Public Health Award No.: 22-10307 Award Year: 2024 Compliance Requirement: Activities Allowable or Unallowed and Allowable Costs/Cost Principles Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR Section 200.430, Compensation – Personal Services, states that charges to Federal awards for salaries and wages must be based on records that accurately reflect the work performed. These records must be supported by a system of internal control that provides reasonable assurance that the charges are accurate, allowable and properly allocated. Condition: For one (1) of sixty-eight (68) expenditures tested, we noted one timecard where the employee’s timecard was not approved by a supervisor. Cause: The County’s procedures did not consistently ensure that the review of timecards was documented. Effect: Lack of review for personnel hours could lead to unallowable activities and costs to be charged to the Federal program. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of sixty-eight (68) out of one thousand seven hundred eight (1,708) expenditures were tested, totaling $537,604 out of $4,554,560 of the federal program expenditures. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County modify and/or strengthen its current policies and procedures to ensure that all timecards consistently document evidence of supervisor approval. The procedures should also address the compensating controls for circumstances where obtaining the supervisor’s approval is not possible. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Special Supplemental Nutrition Program for Women, Infants, and Children (WIC) Assistance Listing No.: 10.557 Federal Grantor: U.S. Department of Agriculture Passed-through: California Department of Public Health Award No.: 22-10307 Award Year: 2024 Compliance Requirement: Procurement and Suspension and Debarment Type of Finding: Material Weakness in Internal Control over Compliance and Material Non-Compliance Criteria: 2 CFR section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Title 2 CFR Section 200.214 of the Uniform Guidance states that the County must comply with 2 CFR part 180, which implements Executive Orders 12549 and 12689. The regulations in 2 CFR part 180 restrict awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from or ineligible for participation in Federal assistance programs or activities. Per 2 CFR Section 180.300, when a non-Federal entity enters into a covered transaction with an entity at a lower tier, the non-Federal entity must verify that the entity, as defined in 2 CFR section 180.995 and agency adopting regulations, is not suspended or debarred or otherwise excluded from participating in the transaction. This verification may be accomplished by (1) checking the System for Award Management (SAM) Exclusions maintained by the General Services Administration (GSA) and available at https://www.sam.gov/SAM/, (2) collecting a certification from the entity, or (3) adding a clause or condition to the covered transaction with that entity. 2 CFR 200.318(i) Procurement records. The recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. 2 CFR 200.327 Contract provisions. The recipient's or subrecipient's contracts must contain the applicable provisions described in Appendix II to Part 200—Contract Provisions for Non-Federal Entity Contracts Under Federal Awards. Condition: During our testing of the County’s provisions for procurement requirements, we noted the following: 1. For two (2) out of two (2) contracts selected for testing there was no evidence that the County verified the entity was not suspended or debarred or otherwise excluded from participating in the transaction, prior to entering the contract. 2. For two (2) out of two (2) contracts selected for testing, the County did not include all applicable provisions described in 2 CFR 200 Appendix II. 3. For one (1) out of two (2) contracts selected for testing with a contract value of $600,000, the County could not provide documentation of the history of the procurement, including the rationale for the method of procurement, selection of contract type, basis for contractor selection, and the basis for the contract price. Cause: The County did not follow their policy to verify the information described in the condition prior to entering the transactions. The County did not follow their policy documenting the history of the procurement, including the rationale for the method of procurement, selection of contract type, basis for contractor selection, and the basis for the contract price. The County’s policy does not include the requirement to include all applicable provisions identified in 2 CFR 200 Appendix II in its contracts. Effect: Failure to implement and maintain a proper control process could result in payments to vendors that are suspended or debarred or improper awarding of contracts under the procurement guidance. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of two (2) out of twelve (12) procurement contracts were tested. This represented a total of $2,285,000 in contracted services under the grant. Repeat Finding from Prior Years: No. Recommendation: We recommend the County strengthen its policies and procedures to ensure that the verification of the debarment and suspension is documented and retained, the history of procurement transactions is documented and retained in its official records, and that contracts include all applicable provisions of 2 CFR 200 Appendix II. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Special Supplemental Nutrition Program for Women, Infants, and Children (WIC) Assistance Listing No.: 10.557 Federal Grantor: U.S. Department of Agriculture Passed-through: California Department of Public Health Award No.: 22-10307 Award Year: 2024 Compliance Requirement: Activities Allowable or Unallowed and Allowable Costs/Cost Principles Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR Section 200.430, Compensation – Personal Services, states that charges to Federal awards for salaries and wages must be based on records that accurately reflect the work performed. These records must be supported by a system of internal control that provides reasonable assurance that the charges are accurate, allowable and properly allocated. Condition: For one (1) of sixty-eight (68) expenditures tested, we noted one timecard where the employee’s timecard was not approved by a supervisor. Cause: The County’s procedures did not consistently ensure that the review of timecards was documented. Effect: Lack of review for personnel hours could lead to unallowable activities and costs to be charged to the Federal program. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of sixty-eight (68) out of one thousand seven hundred eight (1,708) expenditures were tested, totaling $537,604 out of $4,554,560 of the federal program expenditures. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County modify and/or strengthen its current policies and procedures to ensure that all timecards consistently document evidence of supervisor approval. The procedures should also address the compensating controls for circumstances where obtaining the supervisor’s approval is not possible. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Special Supplemental Nutrition Program for Women, Infants, and Children (WIC) Assistance Listing No.: 10.557 Federal Grantor: U.S. Department of Agriculture Passed-through: California Department of Public Health Award No.: 22-10307 Award Year: 2024 Compliance Requirement: Procurement and Suspension and Debarment Type of Finding: Material Weakness in Internal Control over Compliance and Material Non-Compliance Criteria: 2 CFR section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Title 2 CFR Section 200.214 of the Uniform Guidance states that the County must comply with 2 CFR part 180, which implements Executive Orders 12549 and 12689. The regulations in 2 CFR part 180 restrict awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from or ineligible for participation in Federal assistance programs or activities. Per 2 CFR Section 180.300, when a non-Federal entity enters into a covered transaction with an entity at a lower tier, the non-Federal entity must verify that the entity, as defined in 2 CFR section 180.995 and agency adopting regulations, is not suspended or debarred or otherwise excluded from participating in the transaction. This verification may be accomplished by (1) checking the System for Award Management (SAM) Exclusions maintained by the General Services Administration (GSA) and available at https://www.sam.gov/SAM/, (2) collecting a certification from the entity, or (3) adding a clause or condition to the covered transaction with that entity. 2 CFR 200.318(i) Procurement records. The recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. 2 CFR 200.327 Contract provisions. The recipient's or subrecipient's contracts must contain the applicable provisions described in Appendix II to Part 200—Contract Provisions for Non-Federal Entity Contracts Under Federal Awards. Condition: During our testing of the County’s provisions for procurement requirements, we noted the following: 1. For two (2) out of two (2) contracts selected for testing there was no evidence that the County verified the entity was not suspended or debarred or otherwise excluded from participating in the transaction, prior to entering the contract. 2. For two (2) out of two (2) contracts selected for testing, the County did not include all applicable provisions described in 2 CFR 200 Appendix II. 3. For one (1) out of two (2) contracts selected for testing with a contract value of $600,000, the County could not provide documentation of the history of the procurement, including the rationale for the method of procurement, selection of contract type, basis for contractor selection, and the basis for the contract price. Cause: The County did not follow their policy to verify the information described in the condition prior to entering the transactions. The County did not follow their policy documenting the history of the procurement, including the rationale for the method of procurement, selection of contract type, basis for contractor selection, and the basis for the contract price. The County’s policy does not include the requirement to include all applicable provisions identified in 2 CFR 200 Appendix II in its contracts. Effect: Failure to implement and maintain a proper control process could result in payments to vendors that are suspended or debarred or improper awarding of contracts under the procurement guidance. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of two (2) out of twelve (12) procurement contracts were tested. This represented a total of $2,285,000 in contracted services under the grant. Repeat Finding from Prior Years: No. Recommendation: We recommend the County strengthen its policies and procedures to ensure that the verification of the debarment and suspension is documented and retained, the history of procurement transactions is documented and retained in its official records, and that contracts include all applicable provisions of 2 CFR 200 Appendix II. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Special Supplemental Nutrition Program for Women, Infants, and Children (WIC) Assistance Listing No.: 10.557 Federal Grantor: U.S. Department of Agriculture Passed-through: California Department of Public Health Award No.: 22-10307 Award Year: 2024 Compliance Requirement: Activities Allowable or Unallowed and Allowable Costs/Cost Principles Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR Section 200.430, Compensation – Personal Services, states that charges to Federal awards for salaries and wages must be based on records that accurately reflect the work performed. These records must be supported by a system of internal control that provides reasonable assurance that the charges are accurate, allowable and properly allocated. Condition: For one (1) of sixty-eight (68) expenditures tested, we noted one timecard where the employee’s timecard was not approved by a supervisor. Cause: The County’s procedures did not consistently ensure that the review of timecards was documented. Effect: Lack of review for personnel hours could lead to unallowable activities and costs to be charged to the Federal program. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of sixty-eight (68) out of one thousand seven hundred eight (1,708) expenditures were tested, totaling $537,604 out of $4,554,560 of the federal program expenditures. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County modify and/or strengthen its current policies and procedures to ensure that all timecards consistently document evidence of supervisor approval. The procedures should also address the compensating controls for circumstances where obtaining the supervisor’s approval is not possible. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirements: Reporting Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition: For two (2) out of two (2) financial summary reports CDBG PR26 and CDBG-CV PR26, the County did not retain evidence to document the individual who reviewed and approved the required reports. Cause: The County’s procedures did not include documenting the review and approval of the reports prior to submission. Effect: Ineffective controls over this area of compliance could result in reports that are inaccurate or incomplete being submitted or disclosed to the granting agency. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: A non-statistical sample of two (2) out of two (2) financial summary reports were selecting for testing. The condition above was identified during our procedures over reporting testing. Repeat Finding from Prior Years: No. Recommendation: We recommend the County revise its procedures to include evidence to document the individual who reviewed and approved required reports prior to submission. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirements: Reporting Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Pub. L. No. 110-252, that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Condition: As a result of our audit procedures, we noted that five (5) out of five (5) first tier sub-awards tested were not reported timely in the FFATA Subaward Reporting System (FSRS), totaling $1,823,318. We also noted there was no review of the FFATA submissions by an individual independent of the preparation of the FFATA submissions. Transactions Tested Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements 5 - 5 - - Dollar Amount of Tested Transactions Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements $1,823,318 - $1,823,318 - - Cause: The County did not have proper internal controls in place to ensure sub-award information was submitted timely in accordance with the FFATA. We also noted there was no review of the FFATA submissions by an individual independent of the FFATA submissions. Effect: Subaward obligations were not reported in the FSRS on a timely basis. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: We tested the entire population of five subawards obligations during the year. Repeat Finding from Prior Years: No. Recommendation: We recommend the County implement internal controls to ensure subaward information is reviewed by management and submitted timely in accordance with the FFATA. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: In accordance with the 2024 OMB Compliance Supplement, nonfederal entities must record expenditures on the Schedule of Expenditures of Federal Awards (SEFA). The SEFA must include the total amount provided to subrecipients from each Federal program, on a cash basis. In addition, section 200.303 of the Uniform Guidance states that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA we noted subrecipient expenditures totaling $654,123 for the CDBG-Entitlement/Special Purpose Grants Cluster were incorrectly included on the SEFA as these expenditures were not paid until after June 30, 2024. Cause: County did not have adequate internal controls to ensure payments to subrecipients were appropriately reported on the SEFA. Effect: Prior to correction, amounts passed through to subrecipients for the CDBG-Entitlement/Special Purpose Grants Cluster on the SEFA were overstated by $654,123. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used. Program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We recommend the County enhance internal controls to ensure payments to subrecipients are appropriately reported on the SEFA. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirements: Reporting Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition: For two (2) out of two (2) financial summary reports CDBG PR26 and CDBG-CV PR26, the County did not retain evidence to document the individual who reviewed and approved the required reports. Cause: The County’s procedures did not include documenting the review and approval of the reports prior to submission. Effect: Ineffective controls over this area of compliance could result in reports that are inaccurate or incomplete being submitted or disclosed to the granting agency. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: A non-statistical sample of two (2) out of two (2) financial summary reports were selecting for testing. The condition above was identified during our procedures over reporting testing. Repeat Finding from Prior Years: No. Recommendation: We recommend the County revise its procedures to include evidence to document the individual who reviewed and approved required reports prior to submission. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirements: Reporting Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Pub. L. No. 110-252, that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Condition: As a result of our audit procedures, we noted that five (5) out of five (5) first tier sub-awards tested were not reported timely in the FFATA Subaward Reporting System (FSRS), totaling $1,823,318. We also noted there was no review of the FFATA submissions by an individual independent of the preparation of the FFATA submissions. Transactions Tested Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements 5 - 5 - - Dollar Amount of Tested Transactions Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements $1,823,318 - $1,823,318 - - Cause: The County did not have proper internal controls in place to ensure sub-award information was submitted timely in accordance with the FFATA. We also noted there was no review of the FFATA submissions by an individual independent of the FFATA submissions. Effect: Subaward obligations were not reported in the FSRS on a timely basis. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: We tested the entire population of five subawards obligations during the year. Repeat Finding from Prior Years: No. Recommendation: We recommend the County implement internal controls to ensure subaward information is reviewed by management and submitted timely in accordance with the FFATA. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: In accordance with the 2024 OMB Compliance Supplement, nonfederal entities must record expenditures on the Schedule of Expenditures of Federal Awards (SEFA). The SEFA must include the total amount provided to subrecipients from each Federal program, on a cash basis. In addition, section 200.303 of the Uniform Guidance states that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA we noted subrecipient expenditures totaling $654,123 for the CDBG-Entitlement/Special Purpose Grants Cluster were incorrectly included on the SEFA as these expenditures were not paid until after June 30, 2024. Cause: County did not have adequate internal controls to ensure payments to subrecipients were appropriately reported on the SEFA. Effect: Prior to correction, amounts passed through to subrecipients for the CDBG-Entitlement/Special Purpose Grants Cluster on the SEFA were overstated by $654,123. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used. Program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We recommend the County enhance internal controls to ensure payments to subrecipients are appropriately reported on the SEFA. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirements: Reporting Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition: For two (2) out of two (2) financial summary reports CDBG PR26 and CDBG-CV PR26, the County did not retain evidence to document the individual who reviewed and approved the required reports. Cause: The County’s procedures did not include documenting the review and approval of the reports prior to submission. Effect: Ineffective controls over this area of compliance could result in reports that are inaccurate or incomplete being submitted or disclosed to the granting agency. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: A non-statistical sample of two (2) out of two (2) financial summary reports were selecting for testing. The condition above was identified during our procedures over reporting testing. Repeat Finding from Prior Years: No. Recommendation: We recommend the County revise its procedures to include evidence to document the individual who reviewed and approved required reports prior to submission. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirements: Reporting Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Pub. L. No. 110-252, that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Condition: As a result of our audit procedures, we noted that five (5) out of five (5) first tier sub-awards tested were not reported timely in the FFATA Subaward Reporting System (FSRS), totaling $1,823,318. We also noted there was no review of the FFATA submissions by an individual independent of the preparation of the FFATA submissions. Transactions Tested Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements 5 - 5 - - Dollar Amount of Tested Transactions Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements $1,823,318 - $1,823,318 - - Cause: The County did not have proper internal controls in place to ensure sub-award information was submitted timely in accordance with the FFATA. We also noted there was no review of the FFATA submissions by an individual independent of the FFATA submissions. Effect: Subaward obligations were not reported in the FSRS on a timely basis. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: We tested the entire population of five subawards obligations during the year. Repeat Finding from Prior Years: No. Recommendation: We recommend the County implement internal controls to ensure subaward information is reviewed by management and submitted timely in accordance with the FFATA. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: In accordance with the 2024 OMB Compliance Supplement, nonfederal entities must record expenditures on the Schedule of Expenditures of Federal Awards (SEFA). The SEFA must include the total amount provided to subrecipients from each Federal program, on a cash basis. In addition, section 200.303 of the Uniform Guidance states that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA we noted subrecipient expenditures totaling $654,123 for the CDBG-Entitlement/Special Purpose Grants Cluster were incorrectly included on the SEFA as these expenditures were not paid until after June 30, 2024. Cause: County did not have adequate internal controls to ensure payments to subrecipients were appropriately reported on the SEFA. Effect: Prior to correction, amounts passed through to subrecipients for the CDBG-Entitlement/Special Purpose Grants Cluster on the SEFA were overstated by $654,123. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used. Program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We recommend the County enhance internal controls to ensure payments to subrecipients are appropriately reported on the SEFA. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirements: Reporting Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition: For two (2) out of two (2) financial summary reports CDBG PR26 and CDBG-CV PR26, the County did not retain evidence to document the individual who reviewed and approved the required reports. Cause: The County’s procedures did not include documenting the review and approval of the reports prior to submission. Effect: Ineffective controls over this area of compliance could result in reports that are inaccurate or incomplete being submitted or disclosed to the granting agency. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: A non-statistical sample of two (2) out of two (2) financial summary reports were selecting for testing. The condition above was identified during our procedures over reporting testing. Repeat Finding from Prior Years: No. Recommendation: We recommend the County revise its procedures to include evidence to document the individual who reviewed and approved required reports prior to submission. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirements: Reporting Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Pub. L. No. 110-252, that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Condition: As a result of our audit procedures, we noted that five (5) out of five (5) first tier sub-awards tested were not reported timely in the FFATA Subaward Reporting System (FSRS), totaling $1,823,318. We also noted there was no review of the FFATA submissions by an individual independent of the preparation of the FFATA submissions. Transactions Tested Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements 5 - 5 - - Dollar Amount of Tested Transactions Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements $1,823,318 - $1,823,318 - - Cause: The County did not have proper internal controls in place to ensure sub-award information was submitted timely in accordance with the FFATA. We also noted there was no review of the FFATA submissions by an individual independent of the FFATA submissions. Effect: Subaward obligations were not reported in the FSRS on a timely basis. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: We tested the entire population of five subawards obligations during the year. Repeat Finding from Prior Years: No. Recommendation: We recommend the County implement internal controls to ensure subaward information is reviewed by management and submitted timely in accordance with the FFATA. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: In accordance with the 2024 OMB Compliance Supplement, nonfederal entities must record expenditures on the Schedule of Expenditures of Federal Awards (SEFA). The SEFA must include the total amount provided to subrecipients from each Federal program, on a cash basis. In addition, section 200.303 of the Uniform Guidance states that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA we noted subrecipient expenditures totaling $654,123 for the CDBG-Entitlement/Special Purpose Grants Cluster were incorrectly included on the SEFA as these expenditures were not paid until after June 30, 2024. Cause: County did not have adequate internal controls to ensure payments to subrecipients were appropriately reported on the SEFA. Effect: Prior to correction, amounts passed through to subrecipients for the CDBG-Entitlement/Special Purpose Grants Cluster on the SEFA were overstated by $654,123. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used. Program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We recommend the County enhance internal controls to ensure payments to subrecipients are appropriately reported on the SEFA. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirements: Reporting Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition: For two (2) out of two (2) financial summary reports CDBG PR26 and CDBG-CV PR26, the County did not retain evidence to document the individual who reviewed and approved the required reports. Cause: The County’s procedures did not include documenting the review and approval of the reports prior to submission. Effect: Ineffective controls over this area of compliance could result in reports that are inaccurate or incomplete being submitted or disclosed to the granting agency. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: A non-statistical sample of two (2) out of two (2) financial summary reports were selecting for testing. The condition above was identified during our procedures over reporting testing. Repeat Finding from Prior Years: No. Recommendation: We recommend the County revise its procedures to include evidence to document the individual who reviewed and approved required reports prior to submission. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirements: Reporting Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Pub. L. No. 110-252, that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Condition: As a result of our audit procedures, we noted that five (5) out of five (5) first tier sub-awards tested were not reported timely in the FFATA Subaward Reporting System (FSRS), totaling $1,823,318. We also noted there was no review of the FFATA submissions by an individual independent of the preparation of the FFATA submissions. Transactions Tested Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements 5 - 5 - - Dollar Amount of Tested Transactions Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements $1,823,318 - $1,823,318 - - Cause: The County did not have proper internal controls in place to ensure sub-award information was submitted timely in accordance with the FFATA. We also noted there was no review of the FFATA submissions by an individual independent of the FFATA submissions. Effect: Subaward obligations were not reported in the FSRS on a timely basis. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: We tested the entire population of five subawards obligations during the year. Repeat Finding from Prior Years: No. Recommendation: We recommend the County implement internal controls to ensure subaward information is reviewed by management and submitted timely in accordance with the FFATA. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: In accordance with the 2024 OMB Compliance Supplement, nonfederal entities must record expenditures on the Schedule of Expenditures of Federal Awards (SEFA). The SEFA must include the total amount provided to subrecipients from each Federal program, on a cash basis. In addition, section 200.303 of the Uniform Guidance states that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA we noted subrecipient expenditures totaling $654,123 for the CDBG-Entitlement/Special Purpose Grants Cluster were incorrectly included on the SEFA as these expenditures were not paid until after June 30, 2024. Cause: County did not have adequate internal controls to ensure payments to subrecipients were appropriately reported on the SEFA. Effect: Prior to correction, amounts passed through to subrecipients for the CDBG-Entitlement/Special Purpose Grants Cluster on the SEFA were overstated by $654,123. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used. Program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We recommend the County enhance internal controls to ensure payments to subrecipients are appropriately reported on the SEFA. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirements: Reporting Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition: For two (2) out of two (2) financial summary reports CDBG PR26 and CDBG-CV PR26, the County did not retain evidence to document the individual who reviewed and approved the required reports. Cause: The County’s procedures did not include documenting the review and approval of the reports prior to submission. Effect: Ineffective controls over this area of compliance could result in reports that are inaccurate or incomplete being submitted or disclosed to the granting agency. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: A non-statistical sample of two (2) out of two (2) financial summary reports were selecting for testing. The condition above was identified during our procedures over reporting testing. Repeat Finding from Prior Years: No. Recommendation: We recommend the County revise its procedures to include evidence to document the individual who reviewed and approved required reports prior to submission. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirements: Reporting Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: 2 CFR Section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Pub. L. No. 110-252, that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). Condition: As a result of our audit procedures, we noted that five (5) out of five (5) first tier sub-awards tested were not reported timely in the FFATA Subaward Reporting System (FSRS), totaling $1,823,318. We also noted there was no review of the FFATA submissions by an individual independent of the preparation of the FFATA submissions. Transactions Tested Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements 5 - 5 - - Dollar Amount of Tested Transactions Subaward Not Reported Report Not Timely Subaward Amount Incorrect Subaward Missing Key Elements $1,823,318 - $1,823,318 - - Cause: The County did not have proper internal controls in place to ensure sub-award information was submitted timely in accordance with the FFATA. We also noted there was no review of the FFATA submissions by an individual independent of the FFATA submissions. Effect: Subaward obligations were not reported in the FSRS on a timely basis. Questioned Costs: No questioned costs were identified as a result of our audit procedures. Context/Sampling: We tested the entire population of five subawards obligations during the year. Repeat Finding from Prior Years: No. Recommendation: We recommend the County implement internal controls to ensure subaward information is reviewed by management and submitted timely in accordance with the FFATA. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: CDBG-Entitlement/Special Purpose Grants Cluster Assistance Listing No.: 14.218 Federal Grantor: U.S. Department of Housing and Urban Development Passed-through: Direct Award and Pass-Through City of San Buenaventura Award No.: B-20-UC-06-0507, B-20-UW-06-0507, B-21-UC-06-0507, B-22-UC-06-0507, B-23-UC-06-0507, 95-6000807 Award Year: 2024 Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: In accordance with the 2024 OMB Compliance Supplement, nonfederal entities must record expenditures on the Schedule of Expenditures of Federal Awards (SEFA). The SEFA must include the total amount provided to subrecipients from each Federal program, on a cash basis. In addition, section 200.303 of the Uniform Guidance states that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA we noted subrecipient expenditures totaling $654,123 for the CDBG-Entitlement/Special Purpose Grants Cluster were incorrectly included on the SEFA as these expenditures were not paid until after June 30, 2024. Cause: County did not have adequate internal controls to ensure payments to subrecipients were appropriately reported on the SEFA. Effect: Prior to correction, amounts passed through to subrecipients for the CDBG-Entitlement/Special Purpose Grants Cluster on the SEFA were overstated by $654,123. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used. Program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We recommend the County enhance internal controls to ensure payments to subrecipients are appropriately reported on the SEFA. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Crime Victim Assistance Assistance Listing No.: 16.575 Federal Grantor: U.S. Department of Justice Passed-through: California Governor's Office of Emergency Services Award No. and Year: Affects all grant awards included under assistance listing 16.575 on the Schedule of Expenditures of Federal Awards. Compliance Requirement: Other - Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) - Schedule of Expenditures of Federal Awards Type of Finding: Material Weakness in Internal Control Over Compliance Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.510(b) states that the auditee (the County) must prepare a Schedule of Expenditures of Federal Awards (SEFA) for the period covered by the auditee’s financial statements, which must include the total federal awards expended (including amounts provided to subrecipients) as determined in accordance with §200.502. In addition, section 200.303 of the Uniform Guidance state that that recipients and subrecipients must establish effective internal control over the federal awards, including controls over the accuracy of program information and expenditure amounts. Condition: During our audit procedures performed over the SEFA and expenditures reported for the Crime Victim Assistance program we noted the County initially reported expenditures totaling $1,491,417 that should have been reported on the FY 2023 SEFA, as the County incurred the expenditures prior to June 30, 2023. The June 30, 2024 SEFA was corrected for this reporting error. Cause: The County did not have adequate internal controls to ensure the Schedule was prepared completely and accurately. Effect: Prior to the correction, expenditures for the Crime Victim Assistance program were overstated by $1,491,417. We noted the FY 2023 expenditures incorrectly reported on the FY 2024 SEFA did not have a direct and material effect on the FY 2023 SEFA. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: No sampling was used; all program expenditures on the SEFA were reconciled to supporting records. Repeat Finding from Prior Years: No. Recommendation: We the recommend the County enhance internal controls to ensure federal expenditures are reported accurately and completely on the SEFA in accordance with the Uniform Guidance. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: COVID-19 Health Center Program Cluster Assistance Listing No.: 93.224; 93.527 Federal Grantor: U.S. Department of Health and Human Services Passed-through: N/A Award No.: 4 H8GCS48295‐01‐01 Award Year: 12/01/2022 ‐ 12/31/2023 Compliance Requirement: Procurement and Suspension and Debarment Type of Finding: Material Weakness in Internal Control over Compliance and Material Non-Compliance Criteria: 2 CFR section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Title 2 CFR Section 200.214 of the Uniform Guidance states that the County must comply with 2 CFR part 180, which implements Executive Orders 12549 and 12689. The regulations in 2 CFR part 180 restrict awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from or ineligible for participation in Federal assistance programs or activities. Per 2 CFR Section 180.300, when a non-Federal entity enters into a covered transaction with an entity at a lower tier, the non-Federal entity must verify that the entity, as defined in 2 CFR section 180.995 and agency adopting regulations, is not suspended or debarred or otherwise excluded from participating in the transaction. This verification may be accomplished by (1) checking the System for Award Management (SAM) Exclusions maintained by the General Services Administration (GSA) and available at https://www.sam.gov/SAM/, (2) collecting a certification from the entity, or (3) adding a clause or condition to the covered transaction with that entity. 2 CFR 200.318(i) Procurement records. The recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. 2 CFR 200.327 Contract provisions. The recipient's or subrecipient's contracts must contain the applicable provisions described in Appendix II to Part 200—Contract Provisions for Non-Federal Entity Contracts Under Federal Awards. Condition: During our testing of the County’s provisions for procurement requirements, we noted the following: 1. For one (1) out of three (3) contracts selected for testing, there was no evidence that the County verified the entity was not suspended or debarred or otherwise excluded from participating in the transaction, prior to entering the contract. 2. For one (1) out of three (3) contracts selected for testing, the County did not include all applicable provisions described in 2 CFR 200 Appendix II. 3. For one (1) out of three (3) contracts selected for testing with a total contract value of $2,616,000, the County could not provide documentation of the history of the procurement, including the rationale for the method of procurement, selection of contract type, basis for contractor selection, and the basis for the contract price. Cause: The County did not follow their policy to verify the information described in the condition prior to entering the transactions. The County did not follow their policy documenting the history of the procurement, including the rationale for the method of procurement, selection of contract type, basis for contractor selection, and the basis for the contract price. The County’s policy does not include the requirement to include all applicable provisions identified in 2 CFR 200 Appendix II in its contracts. Effect: Failure to implement and maintain a proper control process could result in payments to vendors that are suspended or debarred or improper awarding of contracts under the procurement guidance. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of three (3) out of three (3) procurement contracts were tested. This represented a total of $21,679,640 in contracted services under the grant. Repeat Finding from Prior Years: No. Recommendation: We recommend the County strengthen its policies and procedures to ensure that the verification of the debarment and suspension is documented and retained, the history of procurement transactions is documented and retained in its official records, and that contracts include all applicable provisions of 2 CFR 200 Appendix II. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: COVID-19 Health Center Program Cluster Assistance Listing No.: 93.224; 93.527 Federal Grantor: U.S. Department of Health and Human Services Passed-through: N/A Award No.: 4 H8GCS48295‐01‐01 Award Year: 12/01/2022 ‐ 12/31/2023 Compliance Requirement: Procurement and Suspension and Debarment Type of Finding: Material Weakness in Internal Control over Compliance and Material Non-Compliance Criteria: 2 CFR section 200.303(a), Internal Controls, states that the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Title 2 CFR Section 200.214 of the Uniform Guidance states that the County must comply with 2 CFR part 180, which implements Executive Orders 12549 and 12689. The regulations in 2 CFR part 180 restrict awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from or ineligible for participation in Federal assistance programs or activities. Per 2 CFR Section 180.300, when a non-Federal entity enters into a covered transaction with an entity at a lower tier, the non-Federal entity must verify that the entity, as defined in 2 CFR section 180.995 and agency adopting regulations, is not suspended or debarred or otherwise excluded from participating in the transaction. This verification may be accomplished by (1) checking the System for Award Management (SAM) Exclusions maintained by the General Services Administration (GSA) and available at https://www.sam.gov/SAM/, (2) collecting a certification from the entity, or (3) adding a clause or condition to the covered transaction with that entity. 2 CFR 200.318(i) Procurement records. The recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. 2 CFR 200.327 Contract provisions. The recipient's or subrecipient's contracts must contain the applicable provisions described in Appendix II to Part 200—Contract Provisions for Non-Federal Entity Contracts Under Federal Awards. Condition: During our testing of the County’s provisions for procurement requirements, we noted the following: 1. For one (1) out of three (3) contracts selected for testing, there was no evidence that the County verified the entity was not suspended or debarred or otherwise excluded from participating in the transaction, prior to entering the contract. 2. For one (1) out of three (3) contracts selected for testing, the County did not include all applicable provisions described in 2 CFR 200 Appendix II. 3. For one (1) out of three (3) contracts selected for testing with a total contract value of $2,616,000, the County could not provide documentation of the history of the procurement, including the rationale for the method of procurement, selection of contract type, basis for contractor selection, and the basis for the contract price. Cause: The County did not follow their policy to verify the information described in the condition prior to entering the transactions. The County did not follow their policy documenting the history of the procurement, including the rationale for the method of procurement, selection of contract type, basis for contractor selection, and the basis for the contract price. The County’s policy does not include the requirement to include all applicable provisions identified in 2 CFR 200 Appendix II in its contracts. Effect: Failure to implement and maintain a proper control process could result in payments to vendors that are suspended or debarred or improper awarding of contracts under the procurement guidance. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of three (3) out of three (3) procurement contracts were tested. This represented a total of $21,679,640 in contracted services under the grant. Repeat Finding from Prior Years: No. Recommendation: We recommend the County strengthen its policies and procedures to ensure that the verification of the debarment and suspension is documented and retained, the history of procurement transactions is documented and retained in its official records, and that contracts include all applicable provisions of 2 CFR 200 Appendix II. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.