Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-066 Research and Development Cluster Subrecipient Monitoring Compliance Requirement The federal government sponsors research and development (R&D) activities under a variety of types of awards, most commonly grants, cooperative agreements, and contracts, to achieve objectives agreed upon between the federal awarding agency and the non-federal entity. The types of R&D conducted under these awards vary greatly. The objective of an individual project is explained in the federal award letter. R&D activities at the University are subject to federal subrecipient monitoring requirements. Under these requirements, the University is required to monitor its subrecipients to ensure they use funds in accordance with applicable laws, regulations and terms of the award. A subrecipient is defined in federal regulations [2 CFR 200.1] as ?an entity, usually but not limited to non-Federal entities, that receives a subaward from a pass-through entity to carry out part of a federal award; but does not include an individual that is a beneficiary of such award. A subrecipient may also be a recipient of other Federal awards directly from a federal awarding agency.? Federal regulations [2 CFR 200.1] define a subaward as an award provided by a pass-through entity, in this case the University, to an entity to carry out part of a Federal grant award received by the pass-through entity. As part of its subrecipient monitoring process, the University uses a subrecipient monitoring checklist that includes a variety of checkpoints, including whether an approved budget is in place and reviewed: whether the subrecipient had an audit, if applicable, and whether that audit has been reviewed; and whether a risk assessment related to a subrecipient?s potential noncompliance has been performed. During Fiscal Year 2022, the University?s three campuses in total expended approximately $916 million in R&D grant funds: $504 million, $406 million, and $6 million from the Boulder, Denver, and UCCS campuses, respectively. The University passed approximately $120 million to 1,325 subrecipients including other universities and non-profit organizations, to assist in the performance of a wide-range of projects such as research into learning disabilities or the advancement of scientific discovery, or other research related projects. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the University?s campuses had adequate internal controls in place over, and complied with, the R&D?s subrecipient monitoring requirements for Fiscal Year 2022. As part of our audit work, we tested 40 subrecipients to determine whether the University campuses? performed the subrecipient risk assessments related to a subrecipient?s potential noncompliance as required by federal regulations. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: ? Federal regulation 2 CFR 200.331(b) requires that the University?s campuses, as federal grant recipients, must ?evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.? ? The Boulder campus? policy states that monitoring the subaward is a ?collaborative effort? made in both Central Administration as well as in the departments through the Principal Investigator and their supporting Department Administrator.? Completion of a risk analysis and the subrecipient monitoring checklist is listed among the responsibilities of the Central Office. What problem did the audit work identify? The Boulder campus did not perform a risk assessment for six out of the 40 subrecipients we tested (15 percent). However, the campus did perform other monitoring procedures over these subrecipients as the risk assessment process is one procedure in the overall subrecipient monitoring process. Why did this problem occur? The University did not have adequate internal controls in place for monitoring its subrecipients. Specifically, the University?s Boulder campus did not ensure that staff reviewed the subrecipient monitoring checklist in all instances to ensure all appropriate steps were completed, including risk assessments. University personnel indicated that proper staffing was not in place and specific monitoring of risk assessments was not being performed. Why does this problem matter? The University is obligated to adhere to specified requirements as outlined in federal regulations and the respective award agreement. By failing to adhere to the requirements for subrecipient monitoring, the University risks performing inadequate or inappropriate monitoring procedures and thereby increases the risk of subawards being used for unauthorized purposes. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-066 The University of Colorado?s Boulder campus should strengthen its internal controls over, and ensure compliance with, federal subrecipient monitoring requirements for the Research and Development Cluster grant programs by enforcing required reviews of the subrecipient checklist for completeness to ensure all of the appropriate steps are completed, including risk assessments, and by ensuring that appropriate levels of staff are assigned responsibility for the reviews. Response University of Colorado Agree Implementation Date: November 2022 Management agrees with the recommendation. Due to hiring of new staff and an internal audit with similar findings, these actions were in process and implemented as of November 2022. These actions are part of the Sub Team?s standard operating processes and will continue. The proposed corrective action plan is as follows: ? The hiring of new team members in 2022; all team members trained on subcontracting processes and documentation requirements with an emphasis on following standard baseline procedures. ? New Subcontract Administrator (SCA) position tasked with compiling final packets for each sub, which includes a quality check to ensure all documents and signatures required are included. ? Use of subcontract checklist and risk assessments required and consistently done by the team.
Finding 2022-004 Reporting and Subrecipient Monitoring Federal Program: Coronavirus State and Local Fiscal Recovery Funds [AL #21.027] Criteria: Per CFR 200.331 “a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor.” Condition: When submitting required quarterly reports, the County improperly identified two entities as being subrecipients instead of contractors. Cause: The reporting guidance was not clear on the definition of subrecipient vs contractor and therefore resulted in a misunderstanding. Effect: The two entities could potentially be identified as subrecipients and therefore subject to single audit when they should not be. Questioned Costs: None identified. Context: Those responsible for the Federal awards did not have a clear understanding of the difference between subrecipient and contractor. Repeat Finding: This is not a repeat finding. Recommendation: We recommend the County review the requirements for determining whether a disbursement qualifies as a payment to a subrecipient or a contractor and ensure all those that administer Federal funding have an understanding of the terms. Additionally, we recommend the County ensure they are aware of all compliance requirements surrounding subrecipient monitoring. Views of Responsible Officials and Planned Corrective Action: The guidance was unclear when reporting began in 2021. The delineation is now understood and will be corrected in the next quarterly report to the Treasury Department.
Finding 2022-004 Reporting and Subrecipient Monitoring Federal Program: Coronavirus State and Local Fiscal Recovery Funds [AL #21.027] Criteria: Per CFR 200.331 “a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor.” Condition: When submitting required quarterly reports, the County improperly identified two entities as being subrecipients instead of contractors. Cause: The reporting guidance was not clear on the definition of subrecipient vs contractor and therefore resulted in a misunderstanding. Effect: The two entities could potentially be identified as subrecipients and therefore subject to single audit when they should not be. Questioned Costs: None identified. Context: Those responsible for the Federal awards did not have a clear understanding of the difference between subrecipient and contractor. Repeat Finding: This is not a repeat finding. Recommendation: We recommend the County review the requirements for determining whether a disbursement qualifies as a payment to a subrecipient or a contractor and ensure all those that administer Federal funding have an understanding of the terms. Additionally, we recommend the County ensure they are aware of all compliance requirements surrounding subrecipient monitoring. Views of Responsible Officials and Planned Corrective Action: The guidance was unclear when reporting began in 2021. The delineation is now understood and will be corrected in the next quarterly report to the Treasury Department.
Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. However, it was noted that the Organization implemented a process during the year to properly document whether a company is a contractor or a subrecipient. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are in compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should have instituted a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2021-006
Finding 2022-004: Subrecipient Management and Monitoring Information on the Federal Programs: Assistance Listing Number 98.001 Criteria: As stated in 2 CFR 200.331 part (b), all pass-through entities must evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring procedures to prescribe to each individual subrecipient. Condition: Astraea has a subaward policy, which requires a risk assessment form be completed for each potential subrecipient. However, this step was not completed for all of the subrecipients in which Astraea engaged with during the fiscal year. Cause: Astraea did not adhere to its policy in regards to risk assessment procedures. Context: Astraea failed to perform risk assessment procedures. Our audit work in this area consisted of substantive testwork over a sample of subrecipient expenditures that were selected based on a defined threshold. We consider our sample to be representative of the populations, and thus, is a statistically valid sample. The issue is deemed to be systemic. Effect: Astraea could inadvertently engage in relationships with subrecipients of higher risk without the appropriate level of oversight (i.e. monitoring) to ensure subrecipients are expending funds in accordance with the provisions and terms of the subaward. Questioned Costs: None noted. Identification as a Repeat Finding: Yes - Finding 2021-005. Recommendation: We recommend Astraea adhere to its current subaward policy and ensure the risk assessment procedures over all of its subrecipients are performed and documented prior to engagement. Based on these risk assessments, Astraea should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend Astraea require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
2022-001 Subrecipient MonitoringCriteria: In accordance with 2 CFR 200.331, the Organization is required to ensure that subrecipients monitor activities as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals.Condition: The Organization did not always maintain adequate documentation of support for monitoring subrecipients in accordance with 2 CFR 200.331 and their own internal policies.Context: When available, monthly, quarterly, and annual subrecipient monitoring documentation was reviewed.Effect: The Organization could not effectively determine that subrecipients met all subaward requirements.Cause: The Organization did have effective policies and procedures in place to evaluate risk and monitor subrecipients. However, documentation and support for monitoring procedures were not adequately maintained.Questioned Costs: None reported.Recommendation: We recommend the Organization review policies and procedures for subrecipient monitoring. Further, the Organization should ensure that all documentation and support for the monitoring of activities for subawards in regards to authorized purpose, terms and conditions, and performance goals are properly maintained.Response: We concur with this finding. As of July 1, 2022, North Central Missouri College was selected as the Grant Recipient/Fiscal Agent for the Northeast Workforce Development Board?s grant funds. Procedures to manage, track, and account for all subrecipient grant awards are in place and will be followed.
Federal Program: Workforce Investment Opportunity Act Cluster Assistance Listing 17.258 WIOA Adult Program Assistance Listing 17.259 WIOA Youth Activities Assistance Listing 17.278 WIOA Dislocated Worker Formula Grants Pass-Through Entity Identifying Number: 05-P19-Youth-81/05-P20-Youth-81 05-F20-Adult-81/05-F21-Adult-81/05-F22-Adult-81 05-F20-DLW-81/05-F21-DLW-81/05-F22-DLW-81 Federal Agency: U.S. Department of Labor 2022-002 Criteria or specific requirement: Subrecipient Monitoring (2 CFR 200.331 and 20CFR 683.210) and Activities Allowed or Unallowed (2 CFR 200, Subpart E) – Management is responsible for ensuring compliance with certain provisions of laws, regulations, contracts, and grant agreements. Condition: An ongoing investigation by a state agency on the WIOA program for the 2021 program year (fiscal 2022) has alleged a potential violation of cost allowable under federal awards. The reports state that there are questioned costs of approximately $775,000. Questioned Costs: $775,000 Context: The Organization operated without a legally binding agreement for WIOA Title I and One-stop Operator Services for over 10 months after the expiration of the previous contract. This results in questioned costs of $725,000. In addition, there was not sufficient documentation to support the allocation basis for certain expenditures charged to WIOA that resulted in additional questioned costs. Effect: The noncompliance could have a direct and material effect on the financial statements. Cause: Proper allowable costs policies and procedures were not in place according to the state agency. Identification as a Repeat Finding, if Applicable: N/A Recommendation: We recommend the Organization strengthen controls and processes related to the allowable costs policies and procedures. Views of Responsible Officials and Planned Corrective Actions: Management is considering its options for further appeals to the Department of Labor for review.
Federal Program: Workforce Investment Opportunity Act Cluster Assistance Listing 17.258 WIOA Adult Program Assistance Listing 17.259 WIOA Youth Activities Assistance Listing 17.278 WIOA Dislocated Worker Formula Grants Pass-Through Entity Identifying Number: 05-P19-Youth-81/05-P20-Youth-81 05-F20-Adult-81/05-F21-Adult-81/05-F22-Adult-81 05-F20-DLW-81/05-F21-DLW-81/05-F22-DLW-81 Federal Agency: U.S. Department of Labor 2022-002 Criteria or specific requirement: Subrecipient Monitoring (2 CFR 200.331 and 20CFR 683.210) and Activities Allowed or Unallowed (2 CFR 200, Subpart E) – Management is responsible for ensuring compliance with certain provisions of laws, regulations, contracts, and grant agreements. Condition: An ongoing investigation by a state agency on the WIOA program for the 2021 program year (fiscal 2022) has alleged a potential violation of cost allowable under federal awards. The reports state that there are questioned costs of approximately $775,000. Questioned Costs: $775,000 Context: The Organization operated without a legally binding agreement for WIOA Title I and One-stop Operator Services for over 10 months after the expiration of the previous contract. This results in questioned costs of $725,000. In addition, there was not sufficient documentation to support the allocation basis for certain expenditures charged to WIOA that resulted in additional questioned costs. Effect: The noncompliance could have a direct and material effect on the financial statements. Cause: Proper allowable costs policies and procedures were not in place according to the state agency. Identification as a Repeat Finding, if Applicable: N/A Recommendation: We recommend the Organization strengthen controls and processes related to the allowable costs policies and procedures. Views of Responsible Officials and Planned Corrective Actions: Management is considering its options for further appeals to the Department of Labor for review.
Federal Program: Workforce Investment Opportunity Act Cluster Assistance Listing 17.258 WIOA Adult Program Assistance Listing 17.259 WIOA Youth Activities Assistance Listing 17.278 WIOA Dislocated Worker Formula Grants Pass-Through Entity Identifying Number: 05-P19-Youth-81/05-P20-Youth-81 05-F20-Adult-81/05-F21-Adult-81/05-F22-Adult-81 05-F20-DLW-81/05-F21-DLW-81/05-F22-DLW-81 Federal Agency: U.S. Department of Labor 2022-002 Criteria or specific requirement: Subrecipient Monitoring (2 CFR 200.331 and 20CFR 683.210) and Activities Allowed or Unallowed (2 CFR 200, Subpart E) – Management is responsible for ensuring compliance with certain provisions of laws, regulations, contracts, and grant agreements. Condition: An ongoing investigation by a state agency on the WIOA program for the 2021 program year (fiscal 2022) has alleged a potential violation of cost allowable under federal awards. The reports state that there are questioned costs of approximately $775,000. Questioned Costs: $775,000 Context: The Organization operated without a legally binding agreement for WIOA Title I and One-stop Operator Services for over 10 months after the expiration of the previous contract. This results in questioned costs of $725,000. In addition, there was not sufficient documentation to support the allocation basis for certain expenditures charged to WIOA that resulted in additional questioned costs. Effect: The noncompliance could have a direct and material effect on the financial statements. Cause: Proper allowable costs policies and procedures were not in place according to the state agency. Identification as a Repeat Finding, if Applicable: N/A Recommendation: We recommend the Organization strengthen controls and processes related to the allowable costs policies and procedures. Views of Responsible Officials and Planned Corrective Actions: Management is considering its options for further appeals to the Department of Labor for review.
Finding 2022-006 Internal Control and Compliance over Subrecipient Monitoring Information on the Federal Program: Assistance Listing Number(s): 17.258, 17.259, 17.278 Federal Program Name: Workforce Innovation and Opportunity Act (WIOA) Federal Agency: U.S. Department of Labor Pass-Through Entity: California Employment Development Department Federal Award Number and Award Year: AA311008 - FY21-22 Criteria: Title 2 - Grants and Agreements. Subtitle A - Office of Management and Budget Guidance for Grants and Agreements. Chapter II - Office of Management and Budget Guidance. Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D - Post Federal Award Requirements. Standards for Financial and Program Management. §200.303 Internal controls (2 CFR 200.303): The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Title 2: Grants and Agreements, Subtitle A - Office of Management and Budget Guidance for Grants and Agreements, Chapter II - Office of Management and Budget Guidance, Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards Subpart D - Post Federal Award Requirements, Subrecipient Monitoring and Management, §200.331 Requirements for pass-through entities (2 CFR 200.331): All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification. i. Subrecipient name (which must match the name associated with its unique entity identifier); ii. Subrecipient's unique entity identifier; iii. Federal Award Identification Number (FAIN); iv. Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; v. Subaward Period of Performance Start and End Date; vi. Subaward Budget Period Start and End Date; vii. Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; viii. Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; ix. Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; x. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); xi. Name of Federal awarding agency, pass-through entity, and contact information for awarding xii. Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; xiii. Identification of whether the award is R&D; and xiv. Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414.; (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; (3) Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; Title 2: Grants and Agreements, Subtitle A - Office of Management and Budget Guidance for Grants and Agreements, Chapter II - Office of Management and Budget Guidance, Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards Subpart D - Post Federal Award Requirements, Subrecipient Monitoring and Management, §200.332 Requirements for pass-through entities (2 CFR 200.332): All pass-through entities must: (a) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). Condition: During our testing of the Imperial County Workforce Development Office’s (ICWDO) provisions for subrecipient monitoring under the WIOA Cluster, we noted the following instances: For one (1) of the one (1) subrecipient selected for testing, there was no review or approval over the monitoring procedures performed by ICWDO monitoring staff. The entire population of one (1) subrecipient. • The following information was not provided at the time of the subaward for one (1) of the one (1) subaward selected for testing: o Federal award identification number o Federal award date of award to recipient by the Federal agency o Name of federal awarding agency o Federal Financial Assistance Listing/CFDA Number o Identification of whether the award is research and development • The County did not document their evaluation of each subrecipient’s risk of noncompliance Cause: The County’s ICWDO department does not have a formal procedure in place for the department’s review and approval over the monitoring procedures performed by the department over its subrecipients. The ICWDO department did not ensure that the required award information and applicable requirements were communicated to the subrecipients and did not maintain documentation of their evaluation of each subrecipient’s risk of noncompliance. Effect: The County’s ICWDO department did not review and approve monitoring procedures performed over its subrecipients. Additionally, the ICWDO department did not maintain policies and procedures to align with the Subrecipient Monitoring requirements in 2 CFR 200.332 (a) and 200.332(b). Identification as a Repeat Finding, If Applicable: Yes. See Finding 2021-008. Questioned Costs: No questioned costs were identified. Recommendation: Social Services should continue to monitor compliance with its policies to ensure case workers follow the established guidelines for redetermination of the recipients of need and amount of assistance and retain acceptable documentation to support the determinations. View of Responsible Officials and Planned Corrective Action: See separate Corrective Action Plan.
Finding 2022-006 Internal Control and Compliance over Subrecipient Monitoring Information on the Federal Program: Assistance Listing Number(s): 17.258, 17.259, 17.278 Federal Program Name: Workforce Innovation and Opportunity Act (WIOA) Federal Agency: U.S. Department of Labor Pass-Through Entity: California Employment Development Department Federal Award Number and Award Year: AA311008 - FY21-22 Criteria: Title 2 - Grants and Agreements. Subtitle A - Office of Management and Budget Guidance for Grants and Agreements. Chapter II - Office of Management and Budget Guidance. Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D - Post Federal Award Requirements. Standards for Financial and Program Management. §200.303 Internal controls (2 CFR 200.303): The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Title 2: Grants and Agreements, Subtitle A - Office of Management and Budget Guidance for Grants and Agreements, Chapter II - Office of Management and Budget Guidance, Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards Subpart D - Post Federal Award Requirements, Subrecipient Monitoring and Management, §200.331 Requirements for pass-through entities (2 CFR 200.331): All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification. i. Subrecipient name (which must match the name associated with its unique entity identifier); ii. Subrecipient's unique entity identifier; iii. Federal Award Identification Number (FAIN); iv. Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; v. Subaward Period of Performance Start and End Date; vi. Subaward Budget Period Start and End Date; vii. Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; viii. Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; ix. Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; x. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); xi. Name of Federal awarding agency, pass-through entity, and contact information for awarding xii. Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; xiii. Identification of whether the award is R&D; and xiv. Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414.; (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; (3) Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; Title 2: Grants and Agreements, Subtitle A - Office of Management and Budget Guidance for Grants and Agreements, Chapter II - Office of Management and Budget Guidance, Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards Subpart D - Post Federal Award Requirements, Subrecipient Monitoring and Management, §200.332 Requirements for pass-through entities (2 CFR 200.332): All pass-through entities must: (a) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). Condition: During our testing of the Imperial County Workforce Development Office’s (ICWDO) provisions for subrecipient monitoring under the WIOA Cluster, we noted the following instances: For one (1) of the one (1) subrecipient selected for testing, there was no review or approval over the monitoring procedures performed by ICWDO monitoring staff. The entire population of one (1) subrecipient. • The following information was not provided at the time of the subaward for one (1) of the one (1) subaward selected for testing: o Federal award identification number o Federal award date of award to recipient by the Federal agency o Name of federal awarding agency o Federal Financial Assistance Listing/CFDA Number o Identification of whether the award is research and development • The County did not document their evaluation of each subrecipient’s risk of noncompliance Cause: The County’s ICWDO department does not have a formal procedure in place for the department’s review and approval over the monitoring procedures performed by the department over its subrecipients. The ICWDO department did not ensure that the required award information and applicable requirements were communicated to the subrecipients and did not maintain documentation of their evaluation of each subrecipient’s risk of noncompliance. Effect: The County’s ICWDO department did not review and approve monitoring procedures performed over its subrecipients. Additionally, the ICWDO department did not maintain policies and procedures to align with the Subrecipient Monitoring requirements in 2 CFR 200.332 (a) and 200.332(b). Identification as a Repeat Finding, If Applicable: Yes. See Finding 2021-008. Questioned Costs: No questioned costs were identified. Recommendation: Social Services should continue to monitor compliance with its policies to ensure case workers follow the established guidelines for redetermination of the recipients of need and amount of assistance and retain acceptable documentation to support the determinations. View of Responsible Officials and Planned Corrective Action: See separate Corrective Action Plan.
Finding 2022-006 Internal Control and Compliance over Subrecipient Monitoring Information on the Federal Program: Assistance Listing Number(s): 17.258, 17.259, 17.278 Federal Program Name: Workforce Innovation and Opportunity Act (WIOA) Federal Agency: U.S. Department of Labor Pass-Through Entity: California Employment Development Department Federal Award Number and Award Year: AA311008 - FY21-22 Criteria: Title 2 - Grants and Agreements. Subtitle A - Office of Management and Budget Guidance for Grants and Agreements. Chapter II - Office of Management and Budget Guidance. Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D - Post Federal Award Requirements. Standards for Financial and Program Management. §200.303 Internal controls (2 CFR 200.303): The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Title 2: Grants and Agreements, Subtitle A - Office of Management and Budget Guidance for Grants and Agreements, Chapter II - Office of Management and Budget Guidance, Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards Subpart D - Post Federal Award Requirements, Subrecipient Monitoring and Management, §200.331 Requirements for pass-through entities (2 CFR 200.331): All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification. i. Subrecipient name (which must match the name associated with its unique entity identifier); ii. Subrecipient's unique entity identifier; iii. Federal Award Identification Number (FAIN); iv. Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; v. Subaward Period of Performance Start and End Date; vi. Subaward Budget Period Start and End Date; vii. Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; viii. Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; ix. Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; x. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); xi. Name of Federal awarding agency, pass-through entity, and contact information for awarding xii. Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; xiii. Identification of whether the award is R&D; and xiv. Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414.; (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; (3) Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; Title 2: Grants and Agreements, Subtitle A - Office of Management and Budget Guidance for Grants and Agreements, Chapter II - Office of Management and Budget Guidance, Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards Subpart D - Post Federal Award Requirements, Subrecipient Monitoring and Management, §200.332 Requirements for pass-through entities (2 CFR 200.332): All pass-through entities must: (a) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). Condition: During our testing of the Imperial County Workforce Development Office’s (ICWDO) provisions for subrecipient monitoring under the WIOA Cluster, we noted the following instances: For one (1) of the one (1) subrecipient selected for testing, there was no review or approval over the monitoring procedures performed by ICWDO monitoring staff. The entire population of one (1) subrecipient. • The following information was not provided at the time of the subaward for one (1) of the one (1) subaward selected for testing: o Federal award identification number o Federal award date of award to recipient by the Federal agency o Name of federal awarding agency o Federal Financial Assistance Listing/CFDA Number o Identification of whether the award is research and development • The County did not document their evaluation of each subrecipient’s risk of noncompliance Cause: The County’s ICWDO department does not have a formal procedure in place for the department’s review and approval over the monitoring procedures performed by the department over its subrecipients. The ICWDO department did not ensure that the required award information and applicable requirements were communicated to the subrecipients and did not maintain documentation of their evaluation of each subrecipient’s risk of noncompliance. Effect: The County’s ICWDO department did not review and approve monitoring procedures performed over its subrecipients. Additionally, the ICWDO department did not maintain policies and procedures to align with the Subrecipient Monitoring requirements in 2 CFR 200.332 (a) and 200.332(b). Identification as a Repeat Finding, If Applicable: Yes. See Finding 2021-008. Questioned Costs: No questioned costs were identified. Recommendation: Social Services should continue to monitor compliance with its policies to ensure case workers follow the established guidelines for redetermination of the recipients of need and amount of assistance and retain acceptable documentation to support the determinations. View of Responsible Officials and Planned Corrective Action: See separate Corrective Action Plan.
2022-006 Subaward Monitoring Federal Program: Research and Development Cluster (ALN 47.041, Award Period 9/1/19 – 8/31/22) Federal Agency: National Science Foundation Criteria: Written documentation pertaining to the identification, risk assessment of and monitoring of sub awardees was not available as required by 2 CFR 200.331-333. Condition: The Organization lacked documentation to indicate compliance with subaward monitoring responsibilities required Per 2 CFR 200.331-333, including the policies and procedures to identify and assess risks and monitor subaward recipients as required by grant recipients. Cause: The Organization lacked written policies and procedures to execute appropriate subaward monitoring responsibilities. Effect: The organization is not compliant with 2 CFR 200.331-333 which requires the Organization to monitor that the sub awardee is maintaining adequate financial reporting, recordkeeping and compliance with respect to funds received. The Organization could not document sub-awardee risk assessment or monitoring or reviewed debarment or suspension of the sub-awardee. Identification as a repeat finding, if applicable: The finding is a repeat of Finding 2021-007 in the prior year. Recommendation: We recommend the Organization establish policy and procedures to document how sub awardees are selected, monitored and perform required risk assessment pertaining to the selection of the sub awardee. Response: The Organization will establish appropriate procedures for sub awardee monitoring. Questioned Costs: None
Criteria Pursuant to Title 2, Subtitle A Chapter II, Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (the Uniform Guidance), “a non-Federal entity may concurrently receive Federal awards as a recipient, subrecipient, and a contractor, depending on the substance of its agreements with the Federal awarding agencies and pass-through entities. Therefore, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor.” Condition We noted that the Organization did not make case-by-case determinations of each agreement with parties to which the Organization passed through Federal program funds to determine whether they were deemed to be either subrecipients or contractors. Cause Management had not updated its policies and procedures to incorporate the relevant Uniform Guidance subrecipient monitoring and management policies. Effect The lack of subrecipient monitoring and management policies of the Uniform Guidance could result in noncompliance by the Organization with the stipulated requirements for pass-through entities, as well as noncompliance of subrecipient requirements by the entities receiving the pass-through funds from the Organization. Recommendation We recommend that the Organization incorporate the subrecipient monitoring and management provisions of 2 CFR §200.331 and 2 CFR §200.332 of the Uniform Guidance to their policies and procedures manual to ensure compliance with Federal standards. Views of Responsible Officials and Planned Corrective Action The Organization concurs with the recommendation. As part of our current policies and procedures review and revision process, we plan to incorporate the subrecipient monitoring and management provision of 2 CFR§ 200.331 and 2 CFR §200.332 of the Uniform Guidance to emphasize accountability and compliance in managing federal funds and subrecipients. Specifically and prospectively, effective November 1, 2024, the Organization’s practices will include: 1. Using a checklist for the determination of subrecipient or contractor classification as guidance, perform a comprehensive risk assessment before entering into any subrecipient agreement. 2. Provide identification details such as CFDA number, amount of federal funds obligated, and the award period for determined subrecipient awards. 3. Require subrecipients to submit programmatic and financial reports as specified in the subrecipient agreement. 4. As part of the subrecipient process, ensure subrecipients that expend $750,000 or more in federal funds during a fiscal year undergo a single audit in accordance with 2 CFR Part 200, Subpart F. Review their audit reports and address any findings related to their federal awards, taking appropriate corrective actions. Retroactively, for the audit periods July 1, 2022 – June 30, 2023 and July 1, 2023 – June 30, 2024, the Organization will perform a risk assessment of the existing subrecipient portfolio during this period to identify high-priority risks. The objective of this risk assessment review is to identify, evaluate, and prioritize risks that could adversely impact the Organization’s ability to achieve its strategic, operational, and quality assurance goals, ensuring that all products, services, and processes align with established standards and fulfill processes. The above reflects the current planned practices of the Organization and the overall financial policies and procedures are in the process of being updated to align to the subrecipient monitoring and management provision of 2 CFR §200.331 and 2 CFR §200.332 of the Uniform Guidance. The Organization has prioritized the completion and distribution of the updated financial policies and procedures by December 31, 2024.
Criteria Pursuant to Title 2, Subtitle A Chapter II, Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (the Uniform Guidance), “a non-Federal entity may concurrently receive Federal awards as a recipient, subrecipient, and a contractor, depending on the substance of its agreements with the Federal awarding agencies and pass-through entities. Therefore, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor.” Condition We noted that the Organization did not make case-by-case determinations of each agreement with parties to which the Organization passed through Federal program funds to determine whether they were deemed to be either subrecipients or contractors. Cause Management had not updated its policies and procedures to incorporate the relevant Uniform Guidance subrecipient monitoring and management policies. Effect The lack of subrecipient monitoring and management policies of the Uniform Guidance could result in noncompliance by the Organization with the stipulated requirements for pass-through entities, as well as noncompliance of subrecipient requirements by the entities receiving the pass-through funds from the Organization. Recommendation We recommend that the Organization incorporate the subrecipient monitoring and management provisions of 2 CFR §200.331 and 2 CFR §200.332 of the Uniform Guidance to their policies and procedures manual to ensure compliance with Federal standards. Views of Responsible Officials and Planned Corrective Action The Organization concurs with the recommendation. As part of our current policies and procedures review and revision process, we plan to incorporate the subrecipient monitoring and management provision of 2 CFR§ 200.331 and 2 CFR §200.332 of the Uniform Guidance to emphasize accountability and compliance in managing federal funds and subrecipients. Specifically and prospectively, effective November 1, 2024, the Organization’s practices will include: 1. Using a checklist for the determination of subrecipient or contractor classification as guidance, perform a comprehensive risk assessment before entering into any subrecipient agreement. 2. Provide identification details such as CFDA number, amount of federal funds obligated, and the award period for determined subrecipient awards. 3. Require subrecipients to submit programmatic and financial reports as specified in the subrecipient agreement. 4. As part of the subrecipient process, ensure subrecipients that expend $750,000 or more in federal funds during a fiscal year undergo a single audit in accordance with 2 CFR Part 200, Subpart F. Review their audit reports and address any findings related to their federal awards, taking appropriate corrective actions. Retroactively, for the audit periods July 1, 2022 – June 30, 2023 and July 1, 2023 – June 30, 2024, the Organization will perform a risk assessment of the existing subrecipient portfolio during this period to identify high-priority risks. The objective of this risk assessment review is to identify, evaluate, and prioritize risks that could adversely impact the Organization’s ability to achieve its strategic, operational, and quality assurance goals, ensuring that all products, services, and processes align with established standards and fulfill processes. The above reflects the current planned practices of the Organization and the overall financial policies and procedures are in the process of being updated to align to the subrecipient monitoring and management provision of 2 CFR §200.331 and 2 CFR §200.332 of the Uniform Guidance. The Organization has prioritized the completion and distribution of the updated financial policies and procedures by December 31, 2024.
Criteria Pursuant to Title 2, Subtitle A Chapter II, Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (the Uniform Guidance), “a non-Federal entity may concurrently receive Federal awards as a recipient, subrecipient, and a contractor, depending on the substance of its agreements with the Federal awarding agencies and pass-through entities. Therefore, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor.” Condition We noted that the Organization did not make case-by-case determinations of each agreement with parties to which the Organization passed through Federal program funds to determine whether they were deemed to be either subrecipients or contractors. Cause Management had not updated its policies and procedures to incorporate the relevant Uniform Guidance subrecipient monitoring and management policies. Effect The lack of subrecipient monitoring and management policies of the Uniform Guidance could result in noncompliance by the Organization with the stipulated requirements for pass-through entities, as well as noncompliance of subrecipient requirements by the entities receiving the pass-through funds from the Organization. Recommendation We recommend that the Organization incorporate the subrecipient monitoring and management provisions of 2 CFR §200.331 and 2 CFR §200.332 of the Uniform Guidance to their policies and procedures manual to ensure compliance with Federal standards. Views of Responsible Officials and Planned Corrective Action The Organization concurs with the recommendation. As part of our current policies and procedures review and revision process, we plan to incorporate the subrecipient monitoring and management provision of 2 CFR§ 200.331 and 2 CFR §200.332 of the Uniform Guidance to emphasize accountability and compliance in managing federal funds and subrecipients. Specifically and prospectively, effective November 1, 2024, the Organization’s practices will include: 1. Using a checklist for the determination of subrecipient or contractor classification as guidance, perform a comprehensive risk assessment before entering into any subrecipient agreement. 2. Provide identification details such as CFDA number, amount of federal funds obligated, and the award period for determined subrecipient awards. 3. Require subrecipients to submit programmatic and financial reports as specified in the subrecipient agreement. 4. As part of the subrecipient process, ensure subrecipients that expend $750,000 or more in federal funds during a fiscal year undergo a single audit in accordance with 2 CFR Part 200, Subpart F. Review their audit reports and address any findings related to their federal awards, taking appropriate corrective actions. Retroactively, for the audit periods July 1, 2022 – June 30, 2023 and July 1, 2023 – June 30, 2024, the Organization will perform a risk assessment of the existing subrecipient portfolio during this period to identify high-priority risks. The objective of this risk assessment review is to identify, evaluate, and prioritize risks that could adversely impact the Organization’s ability to achieve its strategic, operational, and quality assurance goals, ensuring that all products, services, and processes align with established standards and fulfill processes. The above reflects the current planned practices of the Organization and the overall financial policies and procedures are in the process of being updated to align to the subrecipient monitoring and management provision of 2 CFR §200.331 and 2 CFR §200.332 of the Uniform Guidance. The Organization has prioritized the completion and distribution of the updated financial policies and procedures by December 31, 2024.
Criteria Pursuant to Title 2, Subtitle A Chapter II, Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (the Uniform Guidance), “a non-Federal entity may concurrently receive Federal awards as a recipient, subrecipient, and a contractor, depending on the substance of its agreements with the Federal awarding agencies and pass-through entities. Therefore, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor.” Condition We noted that the Organization did not make case-by-case determinations of each agreement with parties to which the Organization passed through Federal program funds to determine whether they were deemed to be either subrecipients or contractors. Cause Management had not updated its policies and procedures to incorporate the relevant Uniform Guidance subrecipient monitoring and management policies. Effect The lack of subrecipient monitoring and management policies of the Uniform Guidance could result in noncompliance by the Organization with the stipulated requirements for pass-through entities, as well as noncompliance of subrecipient requirements by the entities receiving the pass-through funds from the Organization. Recommendation We recommend that the Organization incorporate the subrecipient monitoring and management provisions of 2 CFR §200.331 and 2 CFR §200.332 of the Uniform Guidance to their policies and procedures manual to ensure compliance with Federal standards. Views of Responsible Officials and Planned Corrective Action The Organization concurs with the recommendation. As part of our current policies and procedures review and revision process, we plan to incorporate the subrecipient monitoring and management provision of 2 CFR§ 200.331 and 2 CFR §200.332 of the Uniform Guidance to emphasize accountability and compliance in managing federal funds and subrecipients. Specifically and prospectively, effective November 1, 2024, the Organization’s practices will include: 1. Using a checklist for the determination of subrecipient or contractor classification as guidance, perform a comprehensive risk assessment before entering into any subrecipient agreement. 2. Provide identification details such as CFDA number, amount of federal funds obligated, and the award period for determined subrecipient awards. 3. Require subrecipients to submit programmatic and financial reports as specified in the subrecipient agreement. 4. As part of the subrecipient process, ensure subrecipients that expend $750,000 or more in federal funds during a fiscal year undergo a single audit in accordance with 2 CFR Part 200, Subpart F. Review their audit reports and address any findings related to their federal awards, taking appropriate corrective actions. Retroactively, for the audit periods July 1, 2022 – June 30, 2023 and July 1, 2023 – June 30, 2024, the Organization will perform a risk assessment of the existing subrecipient portfolio during this period to identify high-priority risks. The objective of this risk assessment review is to identify, evaluate, and prioritize risks that could adversely impact the Organization’s ability to achieve its strategic, operational, and quality assurance goals, ensuring that all products, services, and processes align with established standards and fulfill processes. The above reflects the current planned practices of the Organization and the overall financial policies and procedures are in the process of being updated to align to the subrecipient monitoring and management provision of 2 CFR §200.331 and 2 CFR §200.332 of the Uniform Guidance. The Organization has prioritized the completion and distribution of the updated financial policies and procedures by December 31, 2024.
Criteria Pursuant to Title 2, Subtitle A Chapter II, Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (the Uniform Guidance), “a non-Federal entity may concurrently receive Federal awards as a recipient, subrecipient, and a contractor, depending on the substance of its agreements with the Federal awarding agencies and pass-through entities. Therefore, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor.” Condition We noted that the Organization did not make case-by-case determinations of each agreement with parties to which the Organization passed through Federal program funds to determine whether they were deemed to be either subrecipients or contractors. Cause Management had not updated its policies and procedures to incorporate the relevant Uniform Guidance subrecipient monitoring and management policies. Effect The lack of subrecipient monitoring and management policies of the Uniform Guidance could result in noncompliance by the Organization with the stipulated requirements for pass-through entities, as well as noncompliance of subrecipient requirements by the entities receiving the pass-through funds from the Organization. Recommendation We recommend that the Organization incorporate the subrecipient monitoring and management provisions of 2 CFR §200.331 and 2 CFR §200.332 of the Uniform Guidance to their policies and procedures manual to ensure compliance with Federal standards. Views of Responsible Officials and Planned Corrective Action The Organization concurs with the recommendation. As part of our current policies and procedures review and revision process, we plan to incorporate the subrecipient monitoring and management provision of 2 CFR§ 200.331 and 2 CFR §200.332 of the Uniform Guidance to emphasize accountability and compliance in managing federal funds and subrecipients. Specifically and prospectively, effective November 1, 2024, the Organization’s practices will include: 1. Using a checklist for the determination of subrecipient or contractor classification as guidance, perform a comprehensive risk assessment before entering into any subrecipient agreement. 2. Provide identification details such as CFDA number, amount of federal funds obligated, and the award period for determined subrecipient awards. 3. Require subrecipients to submit programmatic and financial reports as specified in the subrecipient agreement. 4. As part of the subrecipient process, ensure subrecipients that expend $750,000 or more in federal funds during a fiscal year undergo a single audit in accordance with 2 CFR Part 200, Subpart F. Review their audit reports and address any findings related to their federal awards, taking appropriate corrective actions. Retroactively, for the audit periods July 1, 2022 – June 30, 2023 and July 1, 2023 – June 30, 2024, the Organization will perform a risk assessment of the existing subrecipient portfolio during this period to identify high-priority risks. The objective of this risk assessment review is to identify, evaluate, and prioritize risks that could adversely impact the Organization’s ability to achieve its strategic, operational, and quality assurance goals, ensuring that all products, services, and processes align with established standards and fulfill processes. The above reflects the current planned practices of the Organization and the overall financial policies and procedures are in the process of being updated to align to the subrecipient monitoring and management provision of 2 CFR §200.331 and 2 CFR §200.332 of the Uniform Guidance. The Organization has prioritized the completion and distribution of the updated financial policies and procedures by December 31, 2024.