Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-004 Reporting and Subrecipient Monitoring Federal Program: Coronavirus State and Local Fiscal Recovery Funds [AL #21.027] Criteria: Per CFR 200.331 “a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor.” Condition: When submitting required quarterly reports, the County improperly identified two entities as being subrecipients instead of contractors. Cause: The reporting guidance was not clear on the definition of subrecipient vs contractor and therefore resulted in a misunderstanding. Effect: The two entities could potentially be identified as subrecipients and therefore subject to single audit when they should not be. Questioned Costs: None identified. Context: Those responsible for the Federal awards did not have a clear understanding of the difference between subrecipient and contractor. Repeat Finding: This is not a repeat finding. Recommendation: We recommend the County review the requirements for determining whether a disbursement qualifies as a payment to a subrecipient or a contractor and ensure all those that administer Federal funding have an understanding of the terms. Additionally, we recommend the County ensure they are aware of all compliance requirements surrounding subrecipient monitoring. Views of Responsible Officials and Planned Corrective Action: The guidance was unclear when reporting began in 2021. The delineation is now understood and will be corrected in the next quarterly report to the Treasury Department.
Finding 2022-004 Reporting and Subrecipient Monitoring Federal Program: Coronavirus State and Local Fiscal Recovery Funds [AL #21.027] Criteria: Per CFR 200.331 “a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor.” Condition: When submitting required quarterly reports, the County improperly identified two entities as being subrecipients instead of contractors. Cause: The reporting guidance was not clear on the definition of subrecipient vs contractor and therefore resulted in a misunderstanding. Effect: The two entities could potentially be identified as subrecipients and therefore subject to single audit when they should not be. Questioned Costs: None identified. Context: Those responsible for the Federal awards did not have a clear understanding of the difference between subrecipient and contractor. Repeat Finding: This is not a repeat finding. Recommendation: We recommend the County review the requirements for determining whether a disbursement qualifies as a payment to a subrecipient or a contractor and ensure all those that administer Federal funding have an understanding of the terms. Additionally, we recommend the County ensure they are aware of all compliance requirements surrounding subrecipient monitoring. Views of Responsible Officials and Planned Corrective Action: The guidance was unclear when reporting began in 2021. The delineation is now understood and will be corrected in the next quarterly report to the Treasury Department.
Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. However, it was noted that the Organization implemented a process during the year to properly document whether a company is a contractor or a subrecipient. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are in compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should have instituted a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2021-006
Finding 2022-004: Subrecipient Management and Monitoring Information on the Federal Programs: Assistance Listing Number 98.001 Criteria: As stated in 2 CFR 200.331 part (b), all pass-through entities must evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring procedures to prescribe to each individual subrecipient. Condition: Astraea has a subaward policy, which requires a risk assessment form be completed for each potential subrecipient. However, this step was not completed for all of the subrecipients in which Astraea engaged with during the fiscal year. Cause: Astraea did not adhere to its policy in regards to risk assessment procedures. Context: Astraea failed to perform risk assessment procedures. Our audit work in this area consisted of substantive testwork over a sample of subrecipient expenditures that were selected based on a defined threshold. We consider our sample to be representative of the populations, and thus, is a statistically valid sample. The issue is deemed to be systemic. Effect: Astraea could inadvertently engage in relationships with subrecipients of higher risk without the appropriate level of oversight (i.e. monitoring) to ensure subrecipients are expending funds in accordance with the provisions and terms of the subaward. Questioned Costs: None noted. Identification as a Repeat Finding: Yes - Finding 2021-005. Recommendation: We recommend Astraea adhere to its current subaward policy and ensure the risk assessment procedures over all of its subrecipients are performed and documented prior to engagement. Based on these risk assessments, Astraea should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend Astraea require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.