2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-004 Program: Foster Care Title IV-E Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2401CAFOST and 2024, 2301CAFOST and 2023 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). The California Department of Social Services further clarifies in its County Fiscal Letter No. 23/24- 80 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any followup to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management) Condition: The Social Services Agency (SSA) did not maintain documentation that the subrecipient risk assessment or the monitoring activity tracker was reviewed. Cause: The SSA department did not document its review of the subrecipient risk assessment or the monitoring activity tracker. Effect: The County’s control policies were not consistently followed and documented. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of twelve (12) out of fifty-eight (58) subrecipients were sampled, which included seven (7) Foster Family Agency, four (4) Short Term Residential Therapeutic Programs, and one (1) Transitional Housing Placement-Plus Foster Care types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2023-001. Recommendation: We recommend that the County ensure the review over subrecipient monitoring activity is appropriately documented. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-004 Program: Foster Care Title IV-E Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2401CAFOST and 2024, 2301CAFOST and 2023 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). The California Department of Social Services further clarifies in its County Fiscal Letter No. 23/24- 80 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any followup to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management) Condition: The Social Services Agency (SSA) did not maintain documentation that the subrecipient risk assessment or the monitoring activity tracker was reviewed. Cause: The SSA department did not document its review of the subrecipient risk assessment or the monitoring activity tracker. Effect: The County’s control policies were not consistently followed and documented. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of twelve (12) out of fifty-eight (58) subrecipients were sampled, which included seven (7) Foster Family Agency, four (4) Short Term Residential Therapeutic Programs, and one (1) Transitional Housing Placement-Plus Foster Care types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2023-001. Recommendation: We recommend that the County ensure the review over subrecipient monitoring activity is appropriately documented. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-004 Program: Foster Care Title IV-E Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2401CAFOST and 2024, 2301CAFOST and 2023 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). The California Department of Social Services further clarifies in its County Fiscal Letter No. 23/24- 80 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any followup to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management) Condition: The Social Services Agency (SSA) did not maintain documentation that the subrecipient risk assessment or the monitoring activity tracker was reviewed. Cause: The SSA department did not document its review of the subrecipient risk assessment or the monitoring activity tracker. Effect: The County’s control policies were not consistently followed and documented. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of twelve (12) out of fifty-eight (58) subrecipients were sampled, which included seven (7) Foster Family Agency, four (4) Short Term Residential Therapeutic Programs, and one (1) Transitional Housing Placement-Plus Foster Care types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2023-001. Recommendation: We recommend that the County ensure the review over subrecipient monitoring activity is appropriately documented. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-004 Program: Foster Care Title IV-E Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2401CAFOST and 2024, 2301CAFOST and 2023 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). The California Department of Social Services further clarifies in its County Fiscal Letter No. 23/24- 80 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any followup to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management) Condition: The Social Services Agency (SSA) did not maintain documentation that the subrecipient risk assessment or the monitoring activity tracker was reviewed. Cause: The SSA department did not document its review of the subrecipient risk assessment or the monitoring activity tracker. Effect: The County’s control policies were not consistently followed and documented. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of twelve (12) out of fifty-eight (58) subrecipients were sampled, which included seven (7) Foster Family Agency, four (4) Short Term Residential Therapeutic Programs, and one (1) Transitional Housing Placement-Plus Foster Care types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2023-001. Recommendation: We recommend that the County ensure the review over subrecipient monitoring activity is appropriately documented. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-004 Program: Foster Care Title IV-E Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2401CAFOST and 2024, 2301CAFOST and 2023 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). The California Department of Social Services further clarifies in its County Fiscal Letter No. 23/24- 80 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any followup to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management) Condition: The Social Services Agency (SSA) did not maintain documentation that the subrecipient risk assessment or the monitoring activity tracker was reviewed. Cause: The SSA department did not document its review of the subrecipient risk assessment or the monitoring activity tracker. Effect: The County’s control policies were not consistently followed and documented. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of twelve (12) out of fifty-eight (58) subrecipients were sampled, which included seven (7) Foster Family Agency, four (4) Short Term Residential Therapeutic Programs, and one (1) Transitional Housing Placement-Plus Foster Care types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2023-001. Recommendation: We recommend that the County ensure the review over subrecipient monitoring activity is appropriately documented. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
Finding 2024-001 – U.S. Department of the Treasury – COVID-19 Justice Advisory Council Gun Violence Prevention and Reduction Program, 21.027 MATERIAL WEAKNESS – SUBRECIPIENT MONITORING Compliance Requirement: Subrecipient Monitoring Criteria: As defined in 2 CFR section 200.332, a pass-through entity (“PTE”) must document the risk assessment of each subrecipient and document monitoring activities performed. Condition: Documentation to evidence compliance with federal regulations related to performing risk assessment of subrecipient and performing certain monitoring activities could not be substantiated. Cause: Lack of formal written documentation to evidence subrecipient risk assessment and monitoring activities were performed. Effect: CCSJJC has not implemented appropriate internal controls to ensure the appropriate subrecipient monitoring activities for each subrecipient are performed. Questioned Costs: None Context: CCSJJC is obtaining and reviewing subrecipient expenditures to determine that expenditures are allowable under compliance requirements. However, we were unable to substantiate that formal written procedures related to evaluating the fraud risk and risk of noncompliance, and procedures related to monitoring of subrecipients, including review of financial statements and review of audit findings, were performed. Recommendation: We recommend that CCSJJC implement an internal control to ensure risk assessment and monitoring procedures are performed and formal written documentation is maintained that evidences its compliance with required subrecipient monitoring activities in accordance with 2 CFR 200. Management’s Response: Due to this being the first Single Audit CCSJJC had encountered and the fact that we were not required to provide certain documentation regarding federal guidelines as a whole, CCSJJC will accept the find. CCSJJC will consider the finding and its content and submit a Corrective Action Plan to cure this finding. We will also take this finding as future guidance in the negotiation process with subrecipients, both from a federal and state perspective to ensure full compliance is achieved.
Finding 2024-001 – U.S. Department of the Treasury – COVID-19 Justice Advisory Council Gun Violence Prevention and Reduction Program, 21.027 MATERIAL WEAKNESS – SUBRECIPIENT MONITORING Compliance Requirement: Subrecipient Monitoring Criteria: As defined in 2 CFR section 200.332, a pass-through entity (“PTE”) must document the risk assessment of each subrecipient and document monitoring activities performed. Condition: Documentation to evidence compliance with federal regulations related to performing risk assessment of subrecipient and performing certain monitoring activities could not be substantiated. Cause: Lack of formal written documentation to evidence subrecipient risk assessment and monitoring activities were performed. Effect: CCSJJC has not implemented appropriate internal controls to ensure the appropriate subrecipient monitoring activities for each subrecipient are performed. Questioned Costs: None Context: CCSJJC is obtaining and reviewing subrecipient expenditures to determine that expenditures are allowable under compliance requirements. However, we were unable to substantiate that formal written procedures related to evaluating the fraud risk and risk of noncompliance, and procedures related to monitoring of subrecipients, including review of financial statements and review of audit findings, were performed. Recommendation: We recommend that CCSJJC implement an internal control to ensure risk assessment and monitoring procedures are performed and formal written documentation is maintained that evidences its compliance with required subrecipient monitoring activities in accordance with 2 CFR 200. Management’s Response: Due to this being the first Single Audit CCSJJC had encountered and the fact that we were not required to provide certain documentation regarding federal guidelines as a whole, CCSJJC will accept the find. CCSJJC will consider the finding and its content and submit a Corrective Action Plan to cure this finding. We will also take this finding as future guidance in the negotiation process with subrecipients, both from a federal and state perspective to ensure full compliance is achieved.
Finding 2024-001 – U.S. Department of the Treasury – COVID-19 Justice Advisory Council Gun Violence Prevention and Reduction Program, 21.027 MATERIAL WEAKNESS – SUBRECIPIENT MONITORING Compliance Requirement: Subrecipient Monitoring Criteria: As defined in 2 CFR section 200.332, a pass-through entity (“PTE”) must document the risk assessment of each subrecipient and document monitoring activities performed. Condition: Documentation to evidence compliance with federal regulations related to performing risk assessment of subrecipient and performing certain monitoring activities could not be substantiated. Cause: Lack of formal written documentation to evidence subrecipient risk assessment and monitoring activities were performed. Effect: CCSJJC has not implemented appropriate internal controls to ensure the appropriate subrecipient monitoring activities for each subrecipient are performed. Questioned Costs: None Context: CCSJJC is obtaining and reviewing subrecipient expenditures to determine that expenditures are allowable under compliance requirements. However, we were unable to substantiate that formal written procedures related to evaluating the fraud risk and risk of noncompliance, and procedures related to monitoring of subrecipients, including review of financial statements and review of audit findings, were performed. Recommendation: We recommend that CCSJJC implement an internal control to ensure risk assessment and monitoring procedures are performed and formal written documentation is maintained that evidences its compliance with required subrecipient monitoring activities in accordance with 2 CFR 200. Management’s Response: Due to this being the first Single Audit CCSJJC had encountered and the fact that we were not required to provide certain documentation regarding federal guidelines as a whole, CCSJJC will accept the find. CCSJJC will consider the finding and its content and submit a Corrective Action Plan to cure this finding. We will also take this finding as future guidance in the negotiation process with subrecipients, both from a federal and state perspective to ensure full compliance is achieved.
NONCOMPLIANCE WITH SUBRECIPIENT MONITORING REQUIREMENTS, CORONAVIRUS STATE AND LOCAL FISCAL RECOVERY FUNDS, AL No. 21.027, GRANT No. AM-23-0211 Criteria: Per the 2024 OMB compliance supplement, subrecipient monitoring is required by pass-through entities for all SLFRF funded projects. Among other activities, Treasury considers the following activities to be part of subrecipient monitoring: • Ensuring that the subrecipient has access to information about public programs relevant to the subrecipient’s duties necessary to ensure that subaward performance goals are achieved. • Ensuring that the subrecipient has access to information about projects operated by other subrecipients, necessary to ensure that subaward performance goals are achieved. • Ensuring deliverables and payment are within the approved scope of the subaward. • Responding to inquiries about the interpretation of subrecipient responsibilities under the subaward • Processing and correcting invoices. • Taking remedial action necessary to prevent the subrecipient from failing to perform its responsibilities under the subaward. Condition: The county did perform subrecipient monitoring activities over the program as required by Treasury guidelines. Cause: The county does not have policies and procedures in place that allow it to comply with subrecipient monitoring requirements outlined in the Uniform Guidance and Treasury guidelines. Effect: Non-compliance with program terms and conditions. Questioned Costs: None Recommendation: The requirements for subrecipient monitoring for the subaward are contained in 31 USC 7502(f)(2) (Single Audit Act Amendments of 1996 (Pub. L. No. 104-156)), 2 CFR sections 200.332, and 200.501(h); federal awarding agency regulations; and the terms and conditions of the award. Management should develop procedures that will ensure compliance with the requirements. Views of responsible officials and planned corrective action: The government agrees with this finding and will adhere to the attached corrective action plan.
Criteria Part 2 CFR Part 200, Subpart D, section 200.332 illustrates requirements related to the Agency passing funds through to subrecipients. Pass through entities must “Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved”. Condition The Agency did not have any formal controls or procedures in place for subrecipient monitoring for the STOP School Violence program or the Healthy Marriage Promotion and Responsible Fatherhood Grants until the end of the fiscal year under audit. As such, controls were not in place for the majority of the fiscal year. Cause Lack of implementation of proper policies and procedures to verify compliance with the subrecipient monitoring requirements identified in 2 CFR 200.332. Repeat Finding Yes. Refer to prior year findings 2023-003 and 2023-004. Effect The Agency did not maintain policies and procedures in accordance with the subrecipient monitoring requirements identified in 2 CFR 200.332 over the full fiscal year under audit. Noncompliance may impact future funding from federal and state resources. Recommendation We recommend the Agency implement policies and procedures to ensure compliance with subrecipient monitoring requirements, as outlined in 2 CFR 200.332. Management Response and Corrective Action Plan See attached corrective action plan.
Criteria Part 2 CFR Part 200, Subpart D, section 200.332 illustrates requirements related to the Agency passing funds through to subrecipients. Pass through entities must “Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved”. Condition The Agency did not have any formal controls or procedures in place for subrecipient monitoring for the STOP School Violence program or the Healthy Marriage Promotion and Responsible Fatherhood Grants until the end of the fiscal year under audit. As such, controls were not in place for the majority of the fiscal year. Cause Lack of implementation of proper policies and procedures to verify compliance with the subrecipient monitoring requirements identified in 2 CFR 200.332. Repeat Finding Yes. Refer to prior year findings 2023-003 and 2023-004. Effect The Agency did not maintain policies and procedures in accordance with the subrecipient monitoring requirements identified in 2 CFR 200.332 over the full fiscal year under audit. Noncompliance may impact future funding from federal and state resources. Recommendation We recommend the Agency implement policies and procedures to ensure compliance with subrecipient monitoring requirements, as outlined in 2 CFR 200.332. Management Response and Corrective Action Plan See attached corrective action plan.
Criteria Part 2 CFR Part 200, Subpart D, section 200.332 illustrates requirements related to the Agency passing funds through to subrecipients. Pass through entities must “Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved”. Condition The Agency did not have any formal controls or procedures in place for subrecipient monitoring for the STOP School Violence program or the Healthy Marriage Promotion and Responsible Fatherhood Grants until the end of the fiscal year under audit. As such, controls were not in place for the majority of the fiscal year. Cause Lack of implementation of proper policies and procedures to verify compliance with the subrecipient monitoring requirements identified in 2 CFR 200.332. Repeat Finding Yes. Refer to prior year findings 2023-003 and 2023-004. Effect The Agency did not maintain policies and procedures in accordance with the subrecipient monitoring requirements identified in 2 CFR 200.332 over the full fiscal year under audit. Noncompliance may impact future funding from federal and state resources. Recommendation We recommend the Agency implement policies and procedures to ensure compliance with subrecipient monitoring requirements, as outlined in 2 CFR 200.332. Management Response and Corrective Action Plan See attached corrective action plan.
Criteria Part 2 CFR Part 200, Subpart D, section 200.332 illustrates requirements related to the Agency passing funds through to subrecipients. Pass through entities must “Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved”. Condition The Agency did not have any formal controls or procedures in place for subrecipient monitoring for the STOP School Violence program or the Healthy Marriage Promotion and Responsible Fatherhood Grants until the end of the fiscal year under audit. As such, controls were not in place for the majority of the fiscal year. Cause Lack of implementation of proper policies and procedures to verify compliance with the subrecipient monitoring requirements identified in 2 CFR 200.332. Repeat Finding Yes. Refer to prior year findings 2023-003 and 2023-004. Effect The Agency did not maintain policies and procedures in accordance with the subrecipient monitoring requirements identified in 2 CFR 200.332 over the full fiscal year under audit. Noncompliance may impact future funding from federal and state resources. Recommendation We recommend the Agency implement policies and procedures to ensure compliance with subrecipient monitoring requirements, as outlined in 2 CFR 200.332. Management Response and Corrective Action Plan See attached corrective action plan.
Criteria Part 2 CFR Part 200, Subpart D, section 200.332 illustrates requirements related to the Agency passing funds through to subrecipients. When passing funds to subrecipients, the Agency must clearly identify to the subrecipient as a subaward, and include certain key information at the time of the subaward. These items include, but are not limited to, subrecipient name, subrecipient’s unique entity identifier, Federal Award Identification Number, Federal Award Date, Subaward Period of Performance Start and End Date, name of Federal awarding agency, and Assistance Listings number and title. Condition While performing our audit of the Agency’s subrecipient monitoring, we noted the Agency did not include all required elements in documentation to the subrecipient at the time of the subaward. Cause The Agency has not implemented sufficient internal control policies to adhere to the requirements of Uniform Guidance. Repeat Finding Yes. Refer to prior year finding 2023-001. Effect Noncompliance may impact future funding from federal and state awarding agencies. Recommendation We recommend the Agency update their agreements with each subrecipient to properly reflect each of the required elements included in Part 2 CFR Part 200, Subpart D, section 200.332.
Criteria Part 2 CFR Part 200, Subpart D, section 200.332 illustrates requirements related to the Agency passing funds through to subrecipients. Pass through entities must “Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved”. Condition The Agency did not have any formal controls or procedures in place for subrecipient monitoring for the STOP School Violence program or the Healthy Marriage Promotion and Responsible Fatherhood Grants until the end of the fiscal year under audit. As such, controls were not in place for the majority of the fiscal year. Cause Lack of implementation of proper policies and procedures to verify compliance with the subrecipient monitoring requirements identified in 2 CFR 200.332. Repeat Finding Yes. Refer to prior year findings 2023-003 and 2023-004. Effect The Agency did not maintain policies and procedures in accordance with the subrecipient monitoring requirements identified in 2 CFR 200.332 over the full fiscal year under audit. Noncompliance may impact future funding from federal and state resources. Recommendation We recommend the Agency implement policies and procedures to ensure compliance with subrecipient monitoring requirements, as outlined in 2 CFR 200.332. Management Response and Corrective Action Plan See attached corrective action plan.
2024-037 Oregon Business Development Department Assign responsibility to ensure review of subrecipient audit reports Federal Awarding Agency: U.S. Department of the Treasury Assistance Listing Number and Name: 21.027 Coronavirus State and Local Fiscal Recovery Fund (COVID-19) Federal Award Numbers and Years: SLFRP4454, 2020 (COVID-19) Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e)(2), (e)(3), (g), (h), (i); 2 CFR 200.521(a), (c), (d) Federal regulations require recipients of federal awards ensure their subrecipients expending $750,000 or more during fiscal years prior to October 1, 2024, are audited according to requirements in 2 CFR 200 Subpart F, and then to perform certain actions dependent upon audit results. To satisfy this requirement, the Department of Administrative Services assigns Oregon state departments to be audit agencies. An audit agency is to: • Ensure the subrecipient received an audit or consider sanctions per 2 CFR 200.339. • Ensure the subrecipient takes corrective action on all findings negatively affecting subawards. • Issue a management decision within six months of the Federal Audit Clearinghouse’s acceptance of the subrecipient’s audit report if there were findings pertaining to the agency’s subawards. • Contact other state agencies that have also passed through funds to the subrecipients (contributing agencies), alerting them to findings related to their programs. In fiscal year 2024, DAS assigned OBDD to review 24 of the state’s 369 subrecipients’ audits, receiving a total of $42.3 million in pass-through funding from 11 state agencies. OBDD did not review any of these entities due to staff turnover. We reviewed two of these subrecipients and found neither had audit findings. This does not preclude the remaining 22 subrecipients from having audit findings requiring communication We recommend department management complete its review of subrecipient audits as soon as possible to ensure its monitoring procedures are sufficient, and to inform contributing agencies of any deficiencies that may affect their programs.
2024-030 Oregon Department of Education Perform regular fiscal monitoring as part of subrecipient monitoring Federal Awarding Agency: U.S. Department of Education Assistance Listing Number and Name: 84.027 Special Education Grants to States (Special Education Cluster) Federal Award Numbers and Years: H027A230095, 2024; H027A230095-23A, 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency, Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e) As part of our audit of the Special Education Grants to States program (program) at the Oregon Department of Education (department), we reviewed the department’s procedures for monitoring subrecipients to ensure program compliance. The department has several layers to the subrecipient monitoring requirements and has procedures to perform programmatic reviews, fiscal reviews, and other reviews based upon a risk assessment. For the fiscal monitoring, the department has a procedure in place to ensure that every subrecipient is reviewed at least once every three years, with approximately one-third of the subrecipients reviewed each year. In our testing, we reviewed a sample of seven of the 67 subrecipients that were scheduled for review in fiscal year 2024. In our initial sample, we found that one of the seven was not monitored during the year. We expanded our testing by selecting another ten subrecipients and the department could not provide support that the review was completed for nine of the ten. Per discussion with department staff, the specific subrecipient in our original sample had not had a fiscal review since January 2021. The fiscal monitoring was not performed as the subrecipient had not drawn funds from a specific grant period prior to the review process, although they had drawn from previous grant awards during the year. Failure to adequately monitor subrecipient compliance and supporting documentation increases the risk of inappropriate spending and noncompliance with federal requirements. We recommend department management ensure subrecipient fiscal monitoring is performed on the schedule set by department policy. We also recommend the department develop a procedure to track the completion of fiscal monitoring.
2024-040 Oregon Department of Emergency Management Assign responsibility to ensure review of subrecipient audit reports Federal Awarding Agency: U.S. Department of Homeland Security Assistance Listing Number and Name: 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) Federal Award Numbers and Years: Multiple Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e)(2), (e)(3), (g), (h), (i); 2 CFR 200.521(a), (c), (d) Federal regulations require recipients of federal awards ensure its subrecipients expending $750,000 or more during fiscal years prior to October 1, 2024, are audited according to requirements in 2 CFR 200 Subpart F, and then to perform certain actions dependent upon audit results. To satisfy this requirement, the Department of Administrative Services assigns Oregon state departments to be audit agencies. An audit agency is to: • Ensure the subrecipient received an audit or consider sanctions per 2 CFR 200.339. • Ensure the subrecipient takes corrective action on all findings negatively affecting subawards. • Issue a management decision within six months of the Federal Audit Clearinghouse’s acceptance of the subrecipient’s audit report if there were findings pertaining to the agency’s subawards. • Contact other state agencies that have also passed through funds to the subrecipients (contributing agencies), alerting them to findings related to their programs. In fiscal year 2024, DAS assigned the Oregon Department of Emergency Management (department) to review 27 of the state’s 369 subrecipients’ audits, receiving a total of $176.2 million in pass-through funding from 20 state agencies. The department did not review any of these entities because they determined their other commitments were higher priorities. We reviewed two of these subrecipients and found one expended a total of $36 million and had one audit finding that may affect various federal programs. This subrecipient received pass-through funding from five other contributing agencies who were not informed of the finding. This does not preclude the remaining 25 subrecipients from having audit findings requiring communication to the contributing agencies. We recommend department management complete its review of subrecipient audits as soon as possible to ensure its monitoring procedures are sufficient, and to inform contributing agencies of any deficiencies that may affect their programs.