Finding 2024-015 U.S. Department of Treasury AL No. 21.027 American Rescue Plan Act Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 12 out of 40, the unique entity identifier (UEI) was not included in the grant agreement. For 12 out of 40, the Federal Award Identification Number (FAIN) was not included in the grant agreement. For 4 out of 40 selections, the UEI was incorrect on the grant agreement. Criteria: In accordance with 2 CFR §200.303: The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. According to AM 413-61, Grant Management Financial Reporting, Grant Manager/Program Manager/Director maintains all documentation, either electronic or hard copy, for all Federally funded grants for the term of the grant for a minimum of seven years for review and audit by the granting agency or its designee. Cause: There were no proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: The City may not be in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains as stated.
Reporting – Noncompliance and Material Weakness Finding Number: 2024-003 Assistance Listing Number and Title: AL #21.027 COVID-19 State and Local Fiscal Recovery Funds K-12 School Safety Grant Federal Award Identification Number / Year: OFCC-SS3-34180 Federal Agency: U.S. Department of Treasury Compliance Requirement: Reporting Pass-Through Entity: Ohio Office of Budget and Management Repeat Finding from Prior Audit? No 2 CFR 1000.10 gives regulatory effect to the U.S. Department of Treasury for 2 CFR 200.332 which states, in part, pass-through entities must ensure every subaward includes requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports. The District’s major federal program, COVID-19 State and Local Fiscal Recovery Funds K-12 School Safety Grant Program’s pass-through entity is the Ohio Office of Budget and Management (OBM). The Frequently Asked Questions relating to this program requires recipient schools to complete quarterly financial status reports via the OBM grants portal until they have spent all funds and completed their projects. Additionally, all recipients in the reporting portal are required to separate out expenditures by capitalized or non-capitalized based on the State of Ohio’s capitalization thresholds. The District did not have proper internal controls in place to ensure the accurate completion and submission of the quarterly financial status reports. The District failed to maintain supporting documentation for all quarterly financial reports. Additionally, we noted the following individual errors: • The District failed to maintain documentation of when the reports were submitted, therefore we were unable to determine if the reports were submitted by the required due date; • The reported current period expenditures did not agree to District records for four of the five reports selected for testing (or 80%); • The reported current period obligations encumbered did not agree to District records for one of the five reports selected for testing (or 20%); • The District did not follow the applicable State of Ohio capitalization threshold, therefore expenditures totaling $275,019 were improperly reported as capitalized rather than non-capitalized. Failure to have the proper controls in place to ensure the accurate submission of the quarterly financial status reports could result in the OBM or Treasury taking action against the District for failure to comply with programmatic requirements. The District should implement controls to ensure supporting documentation is maintained for the quarterly expenditure reports in addition to being completed accurately and submitted timely.
Reference Number: 2024-004 Prior Year Finding: 2023-005 Federal Agency: U.S. Department of Agriculture State Agency: Department of Elementary and Secondary Education Federal Program: Child and Adult Care Food Program Assistance Listing Number: 10.558 Award Number and Year: 202323N202044 (10/1/2022 – 9/30/2023) 202323N202044 (10/1/2022 – 9/30/2023) 202323N105044 (10/1/2022 – 9/30/2024) 202423N115044 (10/1/2023 – 9/30/2025) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: 2 CFR section 200.332(a) - Requirements for Pass-Through Entities states, in part, that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes the subrecipient's unique entity identifier. Per 2 CFR section 200.332(e), pass-through entities must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Elementary and Secondary Education (Department) was unable to provide documentation that it issued subawards in compliance with federal regulations. Context: For five of sixty subawards selected for testing, the Department was unable to provide documentation that it had obtained the subrecipient’s Unique Entity Identifier prior to the issuance of the subaward. Questioned costs: Undetermined. Cause: The Department’s procedures were not sufficient to ensure that subawards were issued in compliance with federal regulations. Internal controls did not prevent or detect the exceptions. Effect: Failure to ensure subrecipients have a registered unique entity identification number could result in unauthorized entities receiving program funding. Recommendation: The Department should review and enhance internal controls and procedures to ensure that required information is obtained prior to entering into a subrecipient agreement. Views of responsible officials: There is no disagreement with the finding.
Reference Number: 2024-014 Prior Year Finding: 2023-012 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster Assistance Listing Number: 17.258, 17.259, 17.278 Award Number and Year: 24A55AY000057 (4/1/2024 – 6/30/2027), 23A55AY000020 (4/1/2023 – 6/30/2026), 23A55AT000036 (7/1/2023 – 6/30/2026), 23A55AW000048 (7/1/2023 – 6/30/2026), AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: Per 2 CFR section 200.332(a) - Requirements for Pass-Through Entities states, in part, that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued to their subrecipients. Context: Six out of seventeen subrecipients were selected for testing. For six of six subawards selected, the subaward agreement did not include the federal award date for when the Federal agency awarded the funds to the prime recipient. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information in accordance with 2 CFR section 200.332. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Questioned costs: Undetermined. Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. Views of Responsible Officials: There is no disagreement with the finding.
Reference Number: 2024-014 Prior Year Finding: 2023-012 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster Assistance Listing Number: 17.258, 17.259, 17.278 Award Number and Year: 24A55AY000057 (4/1/2024 – 6/30/2027), 23A55AY000020 (4/1/2023 – 6/30/2026), 23A55AT000036 (7/1/2023 – 6/30/2026), 23A55AW000048 (7/1/2023 – 6/30/2026), AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: Per 2 CFR section 200.332(a) - Requirements for Pass-Through Entities states, in part, that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued to their subrecipients. Context: Six out of seventeen subrecipients were selected for testing. For six of six subawards selected, the subaward agreement did not include the federal award date for when the Federal agency awarded the funds to the prime recipient. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information in accordance with 2 CFR section 200.332. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Questioned costs: Undetermined. Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. Views of Responsible Officials: There is no disagreement with the finding.
Reference Number: 2024-014 Prior Year Finding: 2023-012 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster Assistance Listing Number: 17.258, 17.259, 17.278 Award Number and Year: 24A55AY000057 (4/1/2024 – 6/30/2027), 23A55AY000020 (4/1/2023 – 6/30/2026), 23A55AT000036 (7/1/2023 – 6/30/2026), 23A55AW000048 (7/1/2023 – 6/30/2026), AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: Per 2 CFR section 200.332(a) - Requirements for Pass-Through Entities states, in part, that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued to their subrecipients. Context: Six out of seventeen subrecipients were selected for testing. For six of six subawards selected, the subaward agreement did not include the federal award date for when the Federal agency awarded the funds to the prime recipient. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information in accordance with 2 CFR section 200.332. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Questioned costs: Undetermined. Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. Views of Responsible Officials: There is no disagreement with the finding.
Reference Number: 2024-018 Prior Year Finding: 2023-022 Federal Agency: U.S. Department of Health and Human Services State Agency: Executive Office of Elders Affairs Federal Program: Aging Cluster Assistance Listing Number: 93.044, 93.045, 93.053 Award Number and Year: 2401MAOANS (10/1/2023 - 9/30/2025) 2401MAOASS (10/1/2023 - 9/30/2025) 2401MAOAOM (10/1/2023 - 9/30/2025) 2101MAOAPH (10/1/2020 - 9/30/2023) 2101MAOACM (10/1/2020 - 9/30/2023) 2201MAOAPH (10/1/2021 - 9/30/2024) 2101MASSC6 (4/1/2021 - 9/30/2024) 2101MACMC6 (4/1/2021 - 9/30/2024) 2101MAHDC6 (4/1/2021 - 9/30/2024) 2101MACMC6 (4/1/2021 - 9/30/2024) 2201MAOASS (10/1/2021 - 9/30/2024) 2301MAOASS (10/1/2022 - 9/30/2024) 2201MAOACM (10/1/2021 - 9/30/2024) 2301MAOACM (10/1/2022 - 9/30/2024) 2201MAOAHD (10/1/2021 - 9/30/2024) 2301MAOAHD (10/1/2022 - 9/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance Criteria or specific requirement: Compliance: Per 2 CFR section 200.332(a), pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes obtaining the subrecipient’s unique entity identifier. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Elders Affairs (Department) issued subawards that did not contain all required federal information. The Department also did not obtain a subrecipient’s unique entity identifier. Context: Six of six subawards selected for testing did not include the following required federal award information: • Federal Award Identification Number (FAIN); • Federal Award Date; • Name of the Federal agency, pass-through entity, and contact information for awarding official of the pass-through entity; and, • Assistance Listings title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at the time of disbursement. For one of six subrecipients selected for testing, the Department did not obtain the subrecipient’s unique entity identifier prior to issuing the subaward. Questioned costs: Undetermined. Cause: The Department’s procedures and internal controls were not sufficient to ensure that it provided all required federal information to subrecipients and obtained unique entity identifiers for all subrecipients. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Failure to obtain subrecipients’ unique entity identifiers prevents the Department from properly identifying its subrecipients. Recommendation: The Department should review and enhance internal controls and procedures to ensure that it obtains subrecipients’ unique entity identifiers and that all required information is included in all subaward agreements. Views of Responsible Officials: There is no disagreement with the finding.
Reference Number: 2024-018 Prior Year Finding: 2023-022 Federal Agency: U.S. Department of Health and Human Services State Agency: Executive Office of Elders Affairs Federal Program: Aging Cluster Assistance Listing Number: 93.044, 93.045, 93.053 Award Number and Year: 2401MAOANS (10/1/2023 - 9/30/2025) 2401MAOASS (10/1/2023 - 9/30/2025) 2401MAOAOM (10/1/2023 - 9/30/2025) 2101MAOAPH (10/1/2020 - 9/30/2023) 2101MAOACM (10/1/2020 - 9/30/2023) 2201MAOAPH (10/1/2021 - 9/30/2024) 2101MASSC6 (4/1/2021 - 9/30/2024) 2101MACMC6 (4/1/2021 - 9/30/2024) 2101MAHDC6 (4/1/2021 - 9/30/2024) 2101MACMC6 (4/1/2021 - 9/30/2024) 2201MAOASS (10/1/2021 - 9/30/2024) 2301MAOASS (10/1/2022 - 9/30/2024) 2201MAOACM (10/1/2021 - 9/30/2024) 2301MAOACM (10/1/2022 - 9/30/2024) 2201MAOAHD (10/1/2021 - 9/30/2024) 2301MAOAHD (10/1/2022 - 9/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance Criteria or specific requirement: Compliance: Per 2 CFR section 200.332(a), pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes obtaining the subrecipient’s unique entity identifier. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Elders Affairs (Department) issued subawards that did not contain all required federal information. The Department also did not obtain a subrecipient’s unique entity identifier. Context: Six of six subawards selected for testing did not include the following required federal award information: • Federal Award Identification Number (FAIN); • Federal Award Date; • Name of the Federal agency, pass-through entity, and contact information for awarding official of the pass-through entity; and, • Assistance Listings title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at the time of disbursement. For one of six subrecipients selected for testing, the Department did not obtain the subrecipient’s unique entity identifier prior to issuing the subaward. Questioned costs: Undetermined. Cause: The Department’s procedures and internal controls were not sufficient to ensure that it provided all required federal information to subrecipients and obtained unique entity identifiers for all subrecipients. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Failure to obtain subrecipients’ unique entity identifiers prevents the Department from properly identifying its subrecipients. Recommendation: The Department should review and enhance internal controls and procedures to ensure that it obtains subrecipients’ unique entity identifiers and that all required information is included in all subaward agreements. Views of Responsible Officials: There is no disagreement with the finding.
Reference Number: 2024-018 Prior Year Finding: 2023-022 Federal Agency: U.S. Department of Health and Human Services State Agency: Executive Office of Elders Affairs Federal Program: Aging Cluster Assistance Listing Number: 93.044, 93.045, 93.053 Award Number and Year: 2401MAOANS (10/1/2023 - 9/30/2025) 2401MAOASS (10/1/2023 - 9/30/2025) 2401MAOAOM (10/1/2023 - 9/30/2025) 2101MAOAPH (10/1/2020 - 9/30/2023) 2101MAOACM (10/1/2020 - 9/30/2023) 2201MAOAPH (10/1/2021 - 9/30/2024) 2101MASSC6 (4/1/2021 - 9/30/2024) 2101MACMC6 (4/1/2021 - 9/30/2024) 2101MAHDC6 (4/1/2021 - 9/30/2024) 2101MACMC6 (4/1/2021 - 9/30/2024) 2201MAOASS (10/1/2021 - 9/30/2024) 2301MAOASS (10/1/2022 - 9/30/2024) 2201MAOACM (10/1/2021 - 9/30/2024) 2301MAOACM (10/1/2022 - 9/30/2024) 2201MAOAHD (10/1/2021 - 9/30/2024) 2301MAOAHD (10/1/2022 - 9/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance Criteria or specific requirement: Compliance: Per 2 CFR section 200.332(a), pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes obtaining the subrecipient’s unique entity identifier. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Elders Affairs (Department) issued subawards that did not contain all required federal information. The Department also did not obtain a subrecipient’s unique entity identifier. Context: Six of six subawards selected for testing did not include the following required federal award information: • Federal Award Identification Number (FAIN); • Federal Award Date; • Name of the Federal agency, pass-through entity, and contact information for awarding official of the pass-through entity; and, • Assistance Listings title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at the time of disbursement. For one of six subrecipients selected for testing, the Department did not obtain the subrecipient’s unique entity identifier prior to issuing the subaward. Questioned costs: Undetermined. Cause: The Department’s procedures and internal controls were not sufficient to ensure that it provided all required federal information to subrecipients and obtained unique entity identifiers for all subrecipients. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Failure to obtain subrecipients’ unique entity identifiers prevents the Department from properly identifying its subrecipients. Recommendation: The Department should review and enhance internal controls and procedures to ensure that it obtains subrecipients’ unique entity identifiers and that all required information is included in all subaward agreements. Views of Responsible Officials: There is no disagreement with the finding.
Reference Number: 2024-022 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Public Health Federal Program: Epidemiology and Laboratory Capacity for Infectious Diseases COVID-19 – Epidemiology and Laboratory Capacity for Infectious Diseases Assistance Listing Number: 93.323 Award Number and Year: 6 NU50CK000518 (8/1/2019 – 7/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: 2 CFR section 200.332(a) - Requirements for Pass-Through Entities states, in part, that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Public Health (Department) omitted required federal award information from subawards it issued from the program. Context: For eight of eight subawards selected for testing, the following required information was omitted from the subaward agreements: • Federal Award Identification Number (FAIN) • Federal Award Date • Name of the Federal Agency and contact information for awarding official of the pass-through entity. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information. Internal controls did not detect or prevent the errors. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Questioned costs: None. Recommendation: We recommend the Department review and enhance procedures and internal controls to ensure that required information is included in its subawards. Views of Responsible Officials: There is no disagreement with the finding.
Reference Number: 2024-022 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Public Health Federal Program: Epidemiology and Laboratory Capacity for Infectious Diseases COVID-19 – Epidemiology and Laboratory Capacity for Infectious Diseases Assistance Listing Number: 93.323 Award Number and Year: 6 NU50CK000518 (8/1/2019 – 7/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: 2 CFR section 200.332(a) - Requirements for Pass-Through Entities states, in part, that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Public Health (Department) omitted required federal award information from subawards it issued from the program. Context: For eight of eight subawards selected for testing, the following required information was omitted from the subaward agreements: • Federal Award Identification Number (FAIN) • Federal Award Date • Name of the Federal Agency and contact information for awarding official of the pass-through entity. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information. Internal controls did not detect or prevent the errors. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Questioned costs: None. Recommendation: We recommend the Department review and enhance procedures and internal controls to ensure that required information is included in its subawards. Views of Responsible Officials: There is no disagreement with the finding.
Reference Number: 2024-030 Prior Year Finding: 2023-028 Federal Agency: U.S. Department of Health and Human Services State Agency: Executive Office of Housing and Livable Communities Federal Program: Low-Income Home Energy Assistance Assistance Listing Number: 93.568 Award Number and Year: 2301MALIEA (10/1/2022 – 9/30/2024) 2301MALIEE (10/1/2022 – 9/30/2024) 2301MALIEI (10/1/12022 – 9/30/2024) 2401MALIEA (10/1/2023 – 9/30/2025) 2401MALIEE (10/1/2023 – 9/30/2025) 2401MALIEI (10/1/12023 – 9/30/2025) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: 2 CFR section 200.332(a) - Requirements for Pass-Through Entities states, in part, that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Housing and Livable Communities (Department) omitted required federal award information from subawards it issued from the program. Context: Twelve subawards to six subrecipients were selected for testing. For six of twelve subawards issued, the Federal Award Identification Number (FAIN) was not included in the subaward agreements. For twelve of twelve subawards issued, the Federal Award Date was not included in the subaward agreements. Cause: Per discussion with the Department, it has not implemented its corrective action plan from the prior year and intends to include all required federal award information beginning with its federal fiscal year 2025 contracts. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Questioned costs: None. Recommendation: We recommend the Department complete its corrective action plan from the prior year. It should ensure its internal controls and procedures are sufficient to ensure that required information is included in its subawards. Views of Responsible Officials: There is no disagreement with the finding.
Reference Number: 2024-036 Prior Year Finding: 2023-025 Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Public Health (DPH), Executive Office of Housing and Livable Communities (EOHLC) Federal Program: Opioid-STR Assistance Listing Number: 93.788 Award Number and Year: 6H79TI083328 (9/30/2021 – 9/29/2023) 1H79TI085778 (9/30/2021 – 9/29/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance Criteria or specific requirement: Compliance: 2 CFR section 200.332(a) - Requirements for Pass-Through Entities states, in part, that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Public Health (DPH) and the Executive Office of Housing and Livable Communities (EOHLC) omitted required federal award information from subawards issued from the program. Context: Twenty subawards issued to thirteen subrecipients were selected for testing for DPH. Twenty of twenty subawards were missing required federal award information. Specifically, we noted the following: • 20 of 20 subawards were missing the Federal Award Identification Number (FAIN) and the Federal Award Date. • 6 of 20 subawards were missing the clause stating that the Federal Award must be used in accordance with Federal statutes, regulations and the terms and conditions of the Federal Award. • 5 of 20 subawards were missing the Indirect Cost Rate for the Federal Award. • 3 of 20 subawards were missing the Name of the Federal Awarding Agency, the contact information for the awarding official of the pass-through entity, the Assistance Listing Number and Program Name. • 1 of 20 subawards was missing the following: o Amount of Federal Funds Obligated by this action o Total Amount of Federal Funds Obligated o Total Amount of the Federal Award o Federal Award Project Description • 1 of 20 subawards was missing the subrecipient’s unique entity identifier. Five subawards issued to five subrecipients were selected for testing for EOHLC. Five of five subawards were missing the following required federal award information: • Federal Award Identification Number (FAIN) • Federal Award Date • Name of the Federal Awarding Agency and contact information for awarding official of the pass-through entity • Assistance Listing Number and Name Cause: Per discussion with the Department, it has not implemented its corrective action plan from the prior year and intends to include all required federal award information beginning with its federal fiscal year 2025 contracts. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Questioned costs: None. Recommendation: We recommend the Department complete its corrective action plan from the prior year. It should ensure its internal controls and procedures are sufficient to ensure that required information is included in its subawards. Views of Responsible Officials: There is no disagreement with the finding.
Finding No. 2024-032 Federal Awarding Agency: U.S. Department of the Treasury Impact: Material Weakness, Material Noncompliance AL Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) – COVID-19 Federal Award Number: SLFRP0006, SLFRP2633, SLFRP4544 Applicable Compliance Requirement: Subrecipient Monitoring Condition: During FY 24, DCCED staff did not sufficiently monitor the subrecipient tasked with administering the SLFRF Tourism and Other Businesses program. Furthermore, DCCED management did not take action with respect to the subrecipient’s noncompliance with requirements to obtain a single audit. Context: One of the purposes of the federal SLFRF program was to provide funding to address the negative economic impacts of the pandemic. For this purpose, DCCED entered into a contract with a subrecipient to administer $90 million in grants to tourism and other businesses. The contract required the subrecipient to determine eligibility, send payments to eligible businesses, and provide disbursement reports to DCCED for monitoring. This activity created a subrecipient relationship. The audit determined that DCCED’s monitoring of the subrecipient was insufficient on two grounds. 1. DCCED staff did not perform monitoring activities to verify that the subrecipient was correctly determining eligibility, calculating award amounts, or correctly disbursing funds. DCCED staff reviewed reports and participated in meetings regarding issues raised by the subrecipient or participating businesses. However, DCCED staff did not obtain and review detailed FY 24 disbursement reports, or perform a desk review or onsite visit, to verify the subrecipients compliance with SLFRF program requirements. DCCED staff did not reconcile the total amount of funds DCCED advanced to the subrecipient with the total funds disbursed by the subrecipient. 2. Furthermore, DCCED staff did not ensure that the subrecipient obtained a single or program-specific audit. In FY 22 and FY 23 DCCED advanced a total of $77 million to the subrecipient. The Department of Administration, Division of Finance (DOF) compiles the amount of pass-through funds by subrecipient in order to identify and track subrecipients that must obtain a single audit. DOF sent the subrecipient single audit noncompliance letters for FY 22 and FY 23 and added the subrecipient to the State’s “Delinquent Audits” tracking log, which is posted on DOF’s webpage. However, DCCED staff did not verify the subrecipient’s single audit status and took no action to address the noncompliance. The subrecipient did not obtain a single audit for FY 22 and FY 23. Cause: DCCED lacked resources in its Division of Community and Regional Affairs to administer the SLFRF program. As a result, the program was administered by staff within the Commissioner’s Office that lacked adequate training, knowledge, and experience to administer a federal pass-through program. Consequently, DCCED staff administering the program were not fully aware of federal subrecipient monitoring requirements. Criteria: Title 2 CFR 200.303 requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Title 2 CFR 200.332(d) requires pass-through entities to monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with statutes, regulations, and the terms and conditions of the subaward. The amount of monitoring should be commensurate with the subrecipient’s fraud risk and risk of noncompliance. Title 2 CFR 200.332(f) requires pass-through entities to verify that a subrecipient is audited as required by Uniform Guidance Subpart F - Audit. When a subrecipient is noncompliant with the single audit requirement, Title 2 CFR 200.505 states that pass-through entities "must take appropriate action." Authorized action includes withholding payments from the subrecipient or terminating the grant per Title 2 CFR 200.339. Effect: Inadequate subrecipient monitoring increases the risk of subrecipient noncompliance with federal statutes, regulations, and the terms and conditions of a program. Subrecipient noncompliance with the terms and conditions of the federal award could result in the State having to repay SLFRF monies to the federal government. Questioned Costs: None Recommendation: DCCED’s commissioner should ensure compliance with federal subrecipient monitoring requirements through adoption of written procedures and staff training. Furthermore, the commissioner should ensure the SLFRF subrecipient obtains single or program-specific audits for all required fiscal years. Views of Responsible Officials: Management agrees with this finding.
Finding No. 2024-032 Federal Awarding Agency: U.S. Department of the Treasury Impact: Material Weakness, Material Noncompliance AL Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) – COVID-19 Federal Award Number: SLFRP0006, SLFRP2633, SLFRP4544 Applicable Compliance Requirement: Subrecipient Monitoring Condition: During FY 24, DCCED staff did not sufficiently monitor the subrecipient tasked with administering the SLFRF Tourism and Other Businesses program. Furthermore, DCCED management did not take action with respect to the subrecipient’s noncompliance with requirements to obtain a single audit. Context: One of the purposes of the federal SLFRF program was to provide funding to address the negative economic impacts of the pandemic. For this purpose, DCCED entered into a contract with a subrecipient to administer $90 million in grants to tourism and other businesses. The contract required the subrecipient to determine eligibility, send payments to eligible businesses, and provide disbursement reports to DCCED for monitoring. This activity created a subrecipient relationship. The audit determined that DCCED’s monitoring of the subrecipient was insufficient on two grounds. 1. DCCED staff did not perform monitoring activities to verify that the subrecipient was correctly determining eligibility, calculating award amounts, or correctly disbursing funds. DCCED staff reviewed reports and participated in meetings regarding issues raised by the subrecipient or participating businesses. However, DCCED staff did not obtain and review detailed FY 24 disbursement reports, or perform a desk review or onsite visit, to verify the subrecipients compliance with SLFRF program requirements. DCCED staff did not reconcile the total amount of funds DCCED advanced to the subrecipient with the total funds disbursed by the subrecipient. 2. Furthermore, DCCED staff did not ensure that the subrecipient obtained a single or program-specific audit. In FY 22 and FY 23 DCCED advanced a total of $77 million to the subrecipient. The Department of Administration, Division of Finance (DOF) compiles the amount of pass-through funds by subrecipient in order to identify and track subrecipients that must obtain a single audit. DOF sent the subrecipient single audit noncompliance letters for FY 22 and FY 23 and added the subrecipient to the State’s “Delinquent Audits” tracking log, which is posted on DOF’s webpage. However, DCCED staff did not verify the subrecipient’s single audit status and took no action to address the noncompliance. The subrecipient did not obtain a single audit for FY 22 and FY 23. Cause: DCCED lacked resources in its Division of Community and Regional Affairs to administer the SLFRF program. As a result, the program was administered by staff within the Commissioner’s Office that lacked adequate training, knowledge, and experience to administer a federal pass-through program. Consequently, DCCED staff administering the program were not fully aware of federal subrecipient monitoring requirements. Criteria: Title 2 CFR 200.303 requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Title 2 CFR 200.332(d) requires pass-through entities to monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with statutes, regulations, and the terms and conditions of the subaward. The amount of monitoring should be commensurate with the subrecipient’s fraud risk and risk of noncompliance. Title 2 CFR 200.332(f) requires pass-through entities to verify that a subrecipient is audited as required by Uniform Guidance Subpart F - Audit. When a subrecipient is noncompliant with the single audit requirement, Title 2 CFR 200.505 states that pass-through entities "must take appropriate action." Authorized action includes withholding payments from the subrecipient or terminating the grant per Title 2 CFR 200.339. Effect: Inadequate subrecipient monitoring increases the risk of subrecipient noncompliance with federal statutes, regulations, and the terms and conditions of a program. Subrecipient noncompliance with the terms and conditions of the federal award could result in the State having to repay SLFRF monies to the federal government. Questioned Costs: None Recommendation: DCCED’s commissioner should ensure compliance with federal subrecipient monitoring requirements through adoption of written procedures and staff training. Furthermore, the commissioner should ensure the SLFRF subrecipient obtains single or program-specific audits for all required fiscal years. Views of Responsible Officials: Management agrees with this finding.
Finding No. 2024-037 Federal Awarding Agency: USDHS Impact: Significant Deficiency, Noncompliance AL Number and Title: 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) Federal Award Number: 4646DRAKP00000001, 4661DRAKP00000001, 4672DRAKP00000001, 4730DRAKP00000001 Applicable Compliance Requirement: Subrecipient Monitoring Condition: A review of 16 FY 24 Disaster Grants program subrecipients’ obligating award documents (OAD) found seven did not include all federally required information and one was also missing a completed assurances and agreement form. Context: Effective April 4, 2022, the unique entity identifier (UEI) replaced the Data Universal Numbering System number as the authoritative identifier for entities doing business with the federal government. All federal award recipients are required to have a UEI. DMVA enters into awards with subrecipients using the OAD as the subgrant agreement. The subrecipient’s name and UEI are recorded on the OAD. An assurances and agreement form accompanies the OAD that includes additional federal requirements not included in the OAD. Subrecipients sign the OAD and the assurances and agreement forms certifying and agreeing to the federal requirements. According to DHSEM management, DMVA contractors assisted division staff in completing the OADs with subrecipients and provided project management for the federal disasters. Contractors were needed due to the increased workload resulting from the 2018 Cook Inlet earthquake, COVID-19 pandemic, and state declared disasters. The audit reviewed a random sample of 16 of 143 subrecipients’ OADs, including assurances and agreement forms, and found seven had the following errors: two included a subrecipient’s name that did not match the UEI number provided, of which one also included a period of performance that did not agree with the federally approved project performance period; one did not include a UEI number; one included a name and UEI number that could not be found in the federal system for award management (sam.gov) and did not have the completed assurances and agreement form; and three included a period of performance that did not agree with the federally approved project performance periods. Cause: Due to staff turnover and an increase in workload, DHSEM staff did not monitor contractors to ensure subrecipient information was accurately documented on the OAD, the assurances and agreement form was complete, and information was in sam.gov before issuing the subaward. Furthermore, DHSEM management and contractors lacked procedures to ensure all required information was obtained and documented on the OAD, including adequate DHSEM review procedures. Criteria: Title 2 CFR 200.332 requires pass-through entities ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the required information at the time of the subaward. Required information includes subaward period of performance start and end dates, subrecipient UEI, and the subrecipient’s name, which must match the name associated with the subrecipient’s UEI. Title 2 CFR 200.303(a) requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal awards. Effect: Not providing accurate and complete information in the subaward documents increases the risk of subrecipient noncompliance with the terms and conditions of the federal award. Questioned Costs: None Recommendation: DHSEM’s director should develop written procedures and adequately monitor contractors to ensure federally required information is accurately identified on the OAD and completed assurance and agreement forms are received from the subrecipient certifying agreement with federal requirements. Views of Responsible Officials: Management agrees with this finding.
2 CFR 1000.10 gives regulatory effect to the U.S. Department of Treasury for 2 CFR 200.332 which states, in part, pass-through entities must ensure every subaward includes requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports. The grant’s pass-through entity is the Ohio Office of Budget and Management (OBM). State Fiscal Recovery Funds K-12 School Safety Grants Frequently Asked Questions require recipient schools to complete quarterly financial status reports via the OBM grants portal until they have spent all funds and completed their projects. Recipient schools are also required to split their expenditures across their entire district into two categories, capitalized and non-capitalized expenditures. The District did not have proper internal controls in place to ensure the accuracy of the quarterly financial status reports. During testing of quarterly financial status reports for the Coronavirus State and Local Fiscal Recovery Funds (AL #21.027), the District did not report $175,227 of capitalized expenditures as Amount Spent on Real Property / Construction Capitalized Improvements on the July 1, 2023 through September 30, 2023 ($53,952), the October 1, 2023 through December 31, 2023 ($121,113), and the January 1, 2024 through March 31, 2024 ($162) quarterly financial status reports. Failure to have the proper controls in place to ensure the accurate submission of the quarterly financial status reports could result in Treasury taking action against the District for failure to comply with programmatic requirements. The District should implement and have controls in place to ensure the quarterly expenditure reports are accurate.
Federal Grantor: Department of Labor Pass-Through: Iowa Workforce Development Program: Workforce Innovation and Opportunity Act (WIOA) Cluster Award No. and Year: 24-N-CI-WI-OA and 2024 Federal Assistance Listing Number: 17.258, 17.259, 17.278 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d) – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The County did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring for the WIOA Cluster. Cause: The County did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the County did not maintain documentation of their verification that every subrecipient is audited, as required. Effect: The County’s control policies were not consistently followed which require compliance with Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: The entire population of two (2) subrecipients were selected for testing. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. Views of Responsible Officials: Management agrees with the finding. See separate corrective action plan.
Federal Grantor: Department of Labor Pass-Through: Iowa Workforce Development Program: Workforce Innovation and Opportunity Act (WIOA) Cluster Award No. and Year: 24-N-CI-WI-OA and 2024 Federal Assistance Listing Number: 17.258, 17.259, 17.278 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d) – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The County did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring for the WIOA Cluster. Cause: The County did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the County did not maintain documentation of their verification that every subrecipient is audited, as required. Effect: The County’s control policies were not consistently followed which require compliance with Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: The entire population of two (2) subrecipients were selected for testing. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. Views of Responsible Officials: Management agrees with the finding. See separate corrective action plan.
Federal Grantor: Department of Labor Pass-Through: Iowa Workforce Development Program: Workforce Innovation and Opportunity Act (WIOA) Cluster Award No. and Year: 24-N-CI-WI-OA and 2024 Federal Assistance Listing Number: 17.258, 17.259, 17.278 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d) – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The County did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring for the WIOA Cluster. Cause: The County did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the County did not maintain documentation of their verification that every subrecipient is audited, as required. Effect: The County’s control policies were not consistently followed which require compliance with Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: The entire population of two (2) subrecipients were selected for testing. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. Views of Responsible Officials: Management agrees with the finding. See separate corrective action plan.
Finding Number: 2024-003 Program: Housing Opportunities for Persons with AIDS (HOPWA) ALN #: 14.241 Pass-through Entity: N/A- Direct Award Federal Agency: Department of Housing and Urban Development Federal Award Year: July 1, 2023–June 30, 2024 Compliance Requirement: Subrecipient Monitoring Type of finding: Material weakness and material noncompliance Criteria The 2 CFR sections 200.332(d) through (f) provide the principles to be applied to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. According to 2 CFR 200.303, the nonfederal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework,” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition The City does not have properly designed controls and documented procedures in place to ensure compliance with the following requirements: • Each subrecipients risk of noncompliance is appropriately evaluated. • Appropriate monitoring of the subrecipient based on their risk of noncompliance. • Verification that subrecipients are audited as required when they are expected to exceed the threshold for having a single audit. Cause The City does not have formal written policies, procedures, and internal controls in place to ensure that all required subrecipient monitoring procedures are performed. Proper perspective During our audit, we noted that four of the four subrecipients selected for testing did not have a completed risk assessment to determine their risk of noncompliance. As such, we were unable to determine that the proper level of monitoring was completed throughout the fiscal year over the contracted subrecipient. Additionally, we noted that the audited financial statements were obtained for the four subrecipients selected for testing, but there was no documentation to evidence the nature and extent of the City’s review of the reports obtained. Possible asserted effect Lack of effective controls and written policies and procedures over subrecipient monitoring could result in the City’s noncompliance with program requirements. Questioned costs None Statistical sampling The sample was not intended to be, and was not, a statistically valid sample. Repeat finding Yes, 2023-005 Recommendation We recommend the City establish a checklist or formal documentation requirements for both risk assessments and review of single audit report procedures. Employees can complete these checklists when obtaining and reviewing the documentation. The City should then conclude on and document the subrecipient’s risk of noncompliance based on the checklist to ensure the proper level of monitoring occurs throughout the year. Views of responsible officials and corrective actions The City has addressed this recommendation. The City has updated policies and procedures in place. A standardized Subrecipient Audit Risk Assessment Checklist is in place and a Monitoring Risk Assessment Checklist has also been developed and implemented to guide and document the evaluation of subrecipient risk, review of single audit reports, monitoring. Federal Grants Division staff will complete this checklist during the initial subrecipient review and update it annually. This will ensure consistent documentation of each subrecipient's risk level and corresponding compliance requirements. The process will enable the City to make informed decisions regarding the appropriate level of monitoring for each subrecipient, based on the risk assessment outcomes. This systematic approach enhances accountability, supports audit readiness, and aligns with federal guidance under 2 CFR Part 200. All the agencies/subrecipients have been informed of the upcoming monitoring.
Finding Number: 2024-009 Program: Coronavirus State and Local Fiscal Recovery Funds ALN #: 21.027 Pass-through Entity: N/A- Direct Award Federal Agency: U.S. Department of Treasury Federal Award Year: July 1, 2023–June 30, 2024 Compliance Requirement: Subrecipient Monitoring Type of finding: Material weakness and material noncompliance Criteria The 2 CFR sections 200.332(d) through (f) provide the principles to be applied to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. According to 2 CFR 200.303, the non-federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework,” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition The City does not have properly designed controls and documented procedures in place to ensure compliance with the following requirements: • Each subrecipients risk of noncompliance is appropriately evaluated. • Verification that subrecipients are audited as required when they are expected to exceed the threshold for having a single audit. • All required elements of the subrecipient contracts are included during execution. Cause The City’s lack of effective internal controls and written policies and procedures have caused the following Proper perspective During the audit, we noted that eight of the nine subrecipient selections did not contain all the required elements of the contract. Additionally, nine of the nine selections completed a risk assessment questionnaire. However, there is no indication that the City reviewed the questionnaires and subsequently concluded on the subrecipient’s risk of noncompliance. We also noted that audited financial statements were obtained for the three subrecipients that required a single audit, but there was no documentation to evidence the nature and extent of the City’s review of the audit reports obtained. Therefore, we were unable to determine if, based on the subrecipient’s risk assessment questionnaire and single audit report, if additional monitoring procedures were required Possible asserted effect Lack of effective controls and written policies and procedures over subrecipient monitoring could result in the City’s noncompliance with program requirements. Questioned costs None Statistical sampling The sample was not intended to be, and was not, a statistically valid sample. Repeat Finding Yes, 2023-009 Recommendation We recommend the City establish a checklist or formal documentation requirements for both risk assessments and review of single audit report procedures. Employees can complete these checklists when obtaining and reviewing the documentation. The City should then conclude on and document the subrecipient’s risk of noncompliance based on the checklist to ensure the proper level of monitoring occurs throughout the year. Views of responsible officials and corrective actions The City has implemented additional controls over subrecipient monitoring by establishing a formal policy to review and document subrecipient qualifications, risk assessments and financial reports and have created subsequent monitoring plans and checklists. noncompliance and control exceptions.
Condition: We tested 100% of the eleven (11) subrecipients and noted the following: • The County failed to adequately monitor the subrecipients. • The contracts did not clearly identify the vendor as a subrecipient relationship. • Funds were not encumbered at the time of the notice to proceed was given to subrecipients. The subrecipients approved by the Board of County Commissioners state that subrecipients or beneficiaries shall provide monthly performance reports until all award funds hereunder have been expended. Through the observation of records, it was determined that monthly performance reports were not submitted each month by entities receiving funding. Cause of Condition: Policies and procedures have not been designed and implemented to ensure federal expenditures are made in accordance with compliance requirements. Effect of Condition: This condition resulted in noncompliance with federal grant guidelines. Recommendation: OSAI recommends the County gain an understanding of the requirements for this program and implement internal controls to ensure compliance with these requirements. Management Response: BOCC Chairman: Board of County Commissioners: The Board of County Commissioners is responsible for the overall fiscal concerns of the county. See OKLA. STAT. Title 19, § 345. The Board of County Commissioners, with the cooperation and participation of all elected officials, reviews, develops and implements policies and procedures to create a strong internal control environment. The Board of County Commissioners will work with all elected officials, the third-party administrator, and federal, state and local partners to develop policies, procedures, and internal controls designed to accurately track grants, including the application process, verification, oversight, and reporting of grant requirements. These policies and procedures will be designed to identify requirements for recipients and sub-recipients of grants, ensure accurate equipment and real property management, procurement, recipient and subrecipient monitoring and reporting. Further, policies will ensure a proper understanding of all grant requirements and compliance of the same. To assist in this process, the Board of County Commissioners engaged a third-party administrator to oversee the grant process, including application, eligibility, review, requirements, contracting, recipient tracking and oversight, and documentation and reporting. The Board of County Commissioners will work with the third-party administrator to ensure proper grant administration. Criteria: 2 CFR 200 §200.332 Requirement for Pass-Through Entities states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the federal award and subaward. (2) All requirements imposed by the pass-through entity on the subrecipient so that the federal award is used in accordance with federal statutes, regulations and the terms and conditions of the federal award. (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient’s records and financial statements as necessary for the pass-through entity to meet the requirements of this part. (6) Appropriate terms and conditions concerning closeout of the subaward.
System of Internal Controls Over Compliance: Subrecipient Monitoring; U.S. Department of Treasury, Assistance Listing #21.027, Coronavirus State and Local Fiscal Recovery Funds, Passed Through State of Nevada Criteria: In accordance with 2 CFR 200.332, the auditee must maintain a system of internal control over compliance to ensure they provide each subrecipient within the required information to identify the award and applicable requirements under the award and to evaluate risk and monitor the activities of each subrecipient to ensure compliance under the award. Condition: The Organization did not appropriately implement internal controls necessary to ensure appropriate documentation was available to support the performance of controls in compliance with 2 CFR 200.332. Context: The Organization did not identify funds being passed through from one subsidiary of the Organization to a second subsidiary in a timely manner and based on this timing did not appropriately document the performance of internal controls over the compliance for subrecipient monitoring. Cause: The Organization did not identify its only subrecipient for this award in a timely manner. Effect: The Organization was not able to properly document its performance of internal controls over most of the requirements outlined in 2 CFR 200.332 for the award based on untimely identification of its subrecipient. Recommendation: We recommend management design and implement a system of internal controls over compliance where consideration of possible subrecipients is considered when the award is being applied for and that well documented and supportable internal controls over subrecipient monitoring are implemented when there are subrecipients identified under an award. Repeat Finding: No Views of Responsible Officials and Planned Corrective Actions: SJRC NV Region is addressing its missing controls related to the requirements of 2 CFR 200.332. We acknowledge that SJRC must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the information required under 2 CFR 200.332 at the time of the subaward all requirements. This includes that every subaward is clearly identified to the subrecipient as a subaward and includes at the time of the subaward and if any data elements change, that there must be an approved subaward modification. We will also ensure we meet the requirements under 2 CFR 200.332 to include our obligations to risk assess and monitor any subrecipients. The timeframe for correction is immediate and full accounting system control improvements will be implemented as part of our 2025 fiscal year-end close.
Federal Agency: United States Department of Agriculture (USDA) Federal Program: 10.558 Child and Adult Care Food Program (CACFP) 2022, 2023, 2024 - CACFP 2022, 2023, 2024 - CACFP-CIL 2023 and 2024 - CACFP-SPON State Agency: Department of Health and Senior Services (DHSS) - Bureau of Community Food and Nutrition Assistance (BCFNA) Type of Finding: A - Internal Control (Significant Deficiency) and Nonmaterial Noncompliance B - Internal Control (Material Weakness) and Material Noncompliance Questioned Costs: Unknown Compliance Requirement: Subrecipient Monitoring As noted in our previous audit, during the year ended June 30, 2024, BCFNA subrecipient risk assessment and monitoring procedures were not in compliance with subrecipient monitoring requirements and were not sufficient to ensure CACFP subrecipient compliance with program requirements. During the year ended June 30, 2024, the BCFNA disbursed approximately $67.6 million to over 780 CACFP subrecipients, which consist of child and adult care centers and sponsors of centers. Disbursements to subrecipients represented approximately 98 percent of the program's expenditures. As part of its pass-through responsibilities, 7 CFR Section 226.6(a)(5), the BCFNA is required to ensure subrecipients effectively operate the program. Regulation 2 CFR Section 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Regulation 2 CFR Section 200.332(d) requires pass-through entities to monitor the activities of the subrecipient as necessary to ensure the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. The BCFNA's subrecipient monitoring process, outlined in the Internal Nutritionist Manual, provides the requirements for monitoring the CACFP facilities/sponsors. The manual provides the planned frequency and type of monitoring activities, monitoring methods, and corrective action requirements. The manual requires the preparation of a risk assessment at the end of each monitoring review that assigns a grade of A, B, B-, or C to the facility/sponsor based on the number and severity of deficiencies and findings. Facilities/sponsors that receive a C grade are determined to be "seriously deficient." The assigned grade determines the required timing of future monitoring reviews of the facility/sponsor. Facilities/sponsors with an A grade will be next monitored in 3 years, a B grade within 2 years, a B- grade within 6 months to 1 year, and a C grade within 90 days. During each monitoring review, BCFNA personnel review documentation supporting a sample of claims during a test month. Any identified errors and associated overclaims/underclaims exceeding established thresholds are recouped/reimbursed in the facility's/sponsor's future claims. When reviews identify noncompliance, facilities/sponsors are required to prepare and submit a Corrective Action Plan (CAP) to the BCFNA. In addition, as noted at finding number 2024-008, the BCFNA relies on these subrecipient monitoring procedures to prevent and detect meal reimbursement claim errors. Monitoring reviews have identified significant issues and claim errors, including some potentially fraudulent activity, and led to over 15 contract terminations in recent years. To test compliance with subrecipient monitoring requirements, and to evaluate the effectiveness of BCFNA monitoring procedures, we reviewed and analyzed a randomly-selected sample of 60 BCFNA monitoring reviews conducted for 60 CACFP facilities/sponsors during the year ended June 30, 2024. While our review found the sample monitoring reviews were performed in accordance with the policies and procedures outlined in the Internal Nutritionist Manual, we identified areas in which these policies and procedures could be strengthened and improved to ensure facilities/sponsors comply with program requirements and submit proper claims. Our review and analysis of the 60 sampled monitoring reviews noted the monitoring reviews identified significant errors, noncompliance, disallowances, and overclaims. Our comparison of the sampled reviews to prior reviews noted deficient facilities/sponsors generally had continued deficiencies and little improvement from prior reviews, as follows: • Of the 60 sampled, 32 facilities/sponsors received an A grade, while 28 received grades of B, B-, or C. • Of the 24 facilities/sponsors that received grades of B, B-, or C, and had a prior review, 21 (88 percent) received the same or lower grade than the prior review. • Of the 4 facilities/sponsors that received a C grade and had a prior review, 2 (50 percent) received the same grade as the prior review, and 2 (50 percent) received a lower grade. • Of the 7 facilities/sponsors that received a C grade, 4 were terminated as a result of the review or as a result of a subsequent 90-day follow-up review. • For 43 of 59 (73 percent) monitoring reviews for which the BCFNA tested claims (with claims totaling $537,466 during the test months), the BCFNA identified overclaims totaling $48,508 and underclaims totaling $10,144, netting to $38,364, or at least 7 percent of the reimbursements tested. A. Risk Assessments The BCFNA prepares and uses risk assessments to determine the extent of monitoring necessary for each facility/sponsor. However, the risk assessments prepared during the year ended June 30, 2024, considered only the previous monitoring review grade (conducted up to 3 years previously), and did not consider other pertinent risk factors outlined in federal regulations. Regulation 2 CFR Section 200.332(b) suggests risk assessments should consider the subrecipient's prior experience with the same or similar subawards, the results of previous audits, whether the subrecipient has new personnel or new or substantially-changed systems, and the extent and results of federal awarding agency monitoring. While federal regulations provide the BCFNA discretion in selecting risk factors to consider, limiting risk assessments to only one risk factor and ignoring other relevant factors hinders the BCFNA's ability to identify red flags and fraud risk factors and properly assess facility/sponsor risk of noncompliance. Sufficient risk assessments are necessary to ensure monitoring reviews are conducted with adequate frequency to help ensure subrecipient compliance with program requirements. Finding classification This finding is classified as a significant deficiency in internal control and nonmaterial noncompliance with the federal subrecipient monitoring requirements regarding risk assessments. As noted in the finding, BCFNA risk assessments prepared during the year ended June 30, 2024, do not meet the spirit of the federal regulation, which suggests the extent and level of monitoring for each subrecipient be based on various risk factors. As a result, there is a risk that monitoring reviews will not be performed as frequently and thoroughly as needed to identify and address subrecipient noncompliance. Because the BCFNA does perform risk assessments for each subrecipient and does monitor the subrecipients with lower grades with more frequency, the finding did not rise to a level of material noncompliance, and was therefore considered nonmaterial noncompliance. Our decisions regarding the classification of the internal control deficiencies were made in accordance with AU-C Section 935, Compliance Audits and the AICPA Audit Guide: Government Auditing Standards and Single Audits (Audit Guide). In addition to the definitions outlined in part B of this finding, the Audit Guide states "[a] significant deficiency in internal control over compliance is a deficiency, or a combination of deficiencies, in internal control over compliance with a type of compliance requirement of a federal program that is less severe than a material weakness in internal control over compliance, yet important enough to merit attention by those charged with governance." Our evaluation of the deficiencies for the possibility and magnitude of potential noncompliance determined the deficiencies are considered a significant deficiency. B. Subrecipient Monitoring Procedures Our review of BCFNA subrecipient monitoring procedures during the year ended June 30, 2024, noted areas that should be strengthened and improved. Corrective action plans BCFNA CAP review procedures were not adequate to ensure facilities/sponsors made and/or planned sufficient corrective actions to address noncompliance, as required by federal regulations. The Internal Nutritionist Manual requires nutritionists to review subrecipient CAPs outlining corrective actions taken or planned for completeness and to ensure the required action items are adequately addressed. However, during the year ended June 30, 2024, this review was generally performed without verifying the accuracy of the CAP information through review of supporting documentation, testing, or other methods. The BCFNA did not require submission of supporting documentation of corrective actions taken or planned. BCFNA officials indicated they may request supporting documentation on occasion depending on the complexity of the finding, and they verify the CAP during 90-day follow-up reviews of "seriously deficient" facilities/sponsors. Of the 60 monitoring reviews in our sample, 49 required a CAP. The monitoring review documentation indicated the CAP was verified during 7 of the 90-day follow-up reviews, but there was no documentation that the nutritionist verified the CAP information for any of the remaining 42 reviews (86 percent of the 49 reviews that required a CAP). Furthermore, our review of monitoring review documentation noted numerous instances in which the prior year CAP indicated a specific deficiency was addressed, but the same deficiency was again noted in the subsequent review. Regulation 2 CFR Section 200.332(d) provides that monitoring must include following up and ensuring the subrecipient takes timely and appropriate action on all deficiencies identified. The USDA CACFP handbook, Monitoring Handbook for State Agencies (USDA Monitoring Handbook), provides that follow-up reviews (on-site or desk reviews of paperwork) may be conducted any time corrective action is required to ensure the facility/sponsor has completely corrected the review findings, according to its approved corrective action response. Example CAP forms included in the USDA Handbook require facilities/sponsors to submit supporting documentation along with the CAP to verify corrections were made or will be implemented. The USDA CACFP handbook, Serious Deficiency, Suspension, & Appeals for State Agencies & Sponsoring Organizations, provides that facilities/sponsors deemed "seriously deficient," must submit additional supporting documentation with the CAP to document that corrective actions have occurred; this might include copies of income eligibility forms, enrollment rosters, staff training documentation, site monitoring reports, menus, child nutrition labels or manufacturers' product analysis sheets or recipes, attendance records, meal count forms, and itemized food receipts. Without verifying information in CAPs submitted, the BCFNA cannot demonstrate compliance with federal regulations and it lacks assurance the facilities/sponsors took timely and appropriate action on all deficiencies identified during monitoring reviews. In addition, there is increased risk that deficiencies will not be corrected and will continue without detection. In August 2024, the BCFNA implemented an electronic system for facilities/sponsors to upload documentation supporting their CAPs. In May 2025, the BCFNA updated the Internal Nutritionist Manual to provide for reviews of the supporting documentation to verify facilities/sponsors implemented corrective action. Claims testing The Internal Nutritionist Manual and monitoring practices provide for testing of a sample of claims within only 1 test month during each monitoring review, and do not provide for expanded testing when significant errors are identified. BCFNA personnel indicated monitoring reviews are limited to only 1 test month because the USDA Monitoring Handbook does not require expanded testing of records beyond 1 month. While the BCFNA performs additional testing during 90-day follow-up reviews for facilities/sponsors deemed "seriously deficient," additional testing is not performed in any other situation. For example, one facility had a 33 percent overpayment rate and received a B grade while another facility had a 100 percent overpayment rate and received a B- grade; however, additional testing was not performed for either facility. The USDA Monitoring Handbook suggests testing activities during 1 test month, and also suggests the state agency may determine additional review is warranted and review records beyond the test month to determine the extent of the noncompliance. When significant errors are identified, additional testing would help BCFNA nutritionists determine the extent that instances of noncompliance are isolated versus pervasive. Such information would be valuable to the overall conclusions and grade assigned to the review, and in decisions regarding subsequent monitoring. Overclaim recoupment BCFNA subrecipient monitoring procedures do not provide for identification and pursuit of recoupment of all overpayments associated with errors identified during monitoring reviews. When overclaims due to noncompliance with eligibility requirements are identified during monitoring reviews, the BCFNA only identifies and seeks recoupment for the overclaims made during the test month. Overclaims associated with eligibility errors begin at the time the eligibility determination was made and continue until the error is discovered. Although the BCFNA is aware noncompliance occurred during the month(s) before the test month, the BCFNA does not attempt to identify those overclaims. In addition, when a facility/sponsor is terminated, the BCFNA does not always identify or seek recoupment of overclaim amounts. In our sample of 60 monitoring reviews, the contract for 1 sponsor was terminated as a result of a 90-day follow-up review. For this sponsor, in the review prior to the 90-day follow-up review, the BCFNA identified and recouped overclaims totaling $2,278, or 100 percent of total claims tested. In the subsequent 90-day follow-up review significant claim errors were identified in the test month claims, which totaled $1,961; however, the test month claims were not fully tested, and overclaims were not identified or recouped. Any overclaims not identified and recouped from this terminated sponsor would be considered questioned costs; however, those questioned costs are unknown. BCFNA officials indicated they do not pursue recoupment of overclaims beyond the test month because this practice is allowed by the USDA. They indicated they pursue recoupment of overclaims for facilities/sponsors with terminated contracts on a case-by-case basis, considering various factors. However, 7 CFR Section 226.14 provides that state agencies shall disallow and recover any portion of a claim for reimbursement not properly payable, including claims not made in accordance with recordkeeping requirements. Pursuing full recoupment would hold facilities/sponsors accountable for all overclaims and would serve as a deterrent to future errors, noncompliance, and overclaims. Furthermore, without procedures to identify and recoup all overclaims, there is a risk that significant overclaims will go undetected and unrecouped, and questioned costs could be significant. Conclusions In addition to complying with federal requirements, strong subrecipient monitoring procedures are necessary to ensure facilities/sponsors comply with program requirements, submit proper claims, and address deficiencies identified. Without strong internal controls, there is increased risk of noncompliance, errors, fraud, waste, and abuse of federal funds. Strong monitoring procedures would ensure facilities/sponsors are held accountable for, and correct, errors and noncompliance identified. Regulation 2 CFR Section 200.332(g) requires pass-through entities to consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. Furthermore, 2 CFR Section 200.303(a) requires the non-federal entity to "[e]stablish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-federal entity is managing that Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in Standards for Internal Control in the Federal Government, issued by the Comptroller General of the United States or the Internal Control Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission." Finding classification This finding is classified as a material weakness in internal control and material noncompliance with the federal subrecipient monitoring requirements. Our audit of the BCFNA's compliance with federal subrecipient monitoring requirements concluded the BCFNA did not materially comply with federal requirements to ensure subrecipients effectively operate the CACFP and to monitor the activities of the subrecipient as necessary to ensure the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. This conclusion is based on the facts, deficiencies, and noncompliance stated in the finding, including the following: (1) Disbursements to subrecipients represented approximately 98 percent of the CACFP expenditures. (2) BCFNA subrecipient monitoring reviews identified significant errors, noncompliance, disallowances, and overclaims; and deficiencies identified often continued for years with little improvement from review to review. The 7 percent subrecipient payment error rate identified by the BCFNA, which exceeds our audit materiality threshold of 4 percent, along with the high rate of continued noncompliance, serve as indicators of the ineffectiveness of the BCFNA monitoring process. (3) The BCFNA did not comply with specific components of federal subrecipient monitoring requirements, including properly following up and ensuring subrecipients take timely and appropriate action on all deficiencies identified and disallowing and recovering improper payments. (4) Multiple deficiencies in monitoring procedures were identified, including the previously-listed deficiencies and inadequate payment testing. In conducting a single audit in accordance with 2 CFR Part 200 (Uniform Guidance), auditors are required by 2 CFR Section 200.514(d)(1)(2), to determine whether the auditee has complied with federal statutes, regulations, and the terms and conditions of federal awards that may have a direct and material effect on each of its major programs, as outlined in the OMB Compliance Supplement. While compliance with the USDA CACFP handbooks was considered in the our audit, our conclusion on compliance is based on the BCFNA's compliance with the federal statutes and regulations, as required. Our decisions regarding the classification of the internal control deficiencies were made in accordance with AU-C Section 935, Compliance Audits and the Audit Guide. The Audit Guide provides the following definitions regarding internal control deficiencies: A deficiency in internal control over compliance exists when the design or operation of a control over compliance does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, noncompliance with a type of compliance requirement of a federal program on a timely basis. A material weakness in internal control over compliance is a deficiency, or combination of deficiencies, in internal control over compliance, such that there is a reasonable possibility that material noncompliance with a type of compliance requirement of a federal program will not be prevented, or detected and corrected, on a timely basis. "A reasonable possibility exists when the likelihood of the event is either reasonably possible or probable…" Reasonably possible is "[t]he chance of the future event or events occurring is more than remote but less than likely." Probable means "[t]he future event or events are likely to occur." The failure to design and implement adequate controls and procedures over subrecipient monitoring led to material noncompliance with the subrecipient monitoring requirements. The BCFNA's controls failed to develop an effective subrecipient monitoring process that ensures subrecipients use subawards for authorized purposes, comply with the terms and conditions of the subawards, and achieve performance goals. Because the internal control deficiencies have not been corrected, it is probable that the material noncompliance will continue. For these reasons, the deficiencies are considered a material weakness. Recommendations The DHSS through the BCFNA: A. Implement a CACFP subrecipient risk assessment process that is consistent with federal regulations. B. Review, strengthen, and enforce subrecipient monitoring procedures to ensure CACFP facilities/sponsors comply with program requirements, submit proper claims, and address deficiencies identified. The BCFNA should enhance procedures to provide for identification and recoupment of overclaims associated with all errors identified during monitoring reviews, as required by federal regulations; expand testing when significant errors are identified; and continue to verify CAP information. The DHSS should identify and recoup the overclaims for the terminated sponsor noted in this finding. Auditee's Response A. We disagree with the auditor's finding. Our Corrective Action Plan includes an explanation and specific reasons for our disagreement. B. We disagree with the auditor's finding. Our Corrective Action Plan includes an explanation and specific reasons for our disagreement. Auditor's Comment The DHSS Corrective Action Plan (CAP) states the DHSS disagrees with the finding because, while the prior year finding (finding number 2023-013) was partially sustained by the USDA - Food and Nutrition Service (USDA-FNS), a corrective action plan was accepted and deemed adequate by the USDA-FNS. The CAP also states in April 2025, the USDA-FNS recommended final action to close the prior year finding. These statements are not accurate. April and June 2025 emails from USDA-FNS officials to the DHSS regarding the prior audit finding, provided to auditors by DHSS officials, indicate the finding was sustained; corrective action was required, taken, and validated by the USFA-FNS; and final action was approved by the USDA-FNS on June 10, 2025. It is unclear why the DHSS considers the prior year finding to be only partially sustained when the Summary Schedule of Prior Audit Findings, which was also prepared by the DHSS, states the finding was sustained. Except for the information mentioned in the audit finding regarding subrecipient corrective action plans, the DHSS did not provide the State Auditor's Office information regarding corrective action taken. Any new procedures would have been implemented after the audit period, and will be subject to subsequent audits. Because the DHSS took no corrective action prior to or during the audit period, this finding is valid.
Federal Agency: Department of the Treasury (Treasury) Federal Program: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds SLFRP4542 State Agency: Office of Administration (OA) Type of Finding: A - Internal Control (Material Weakness) and Material Noncompliance B - Internal Control (Material Weakness) and Material Noncompliance Compliance Requirement: Subrecipient Monitoring As noted in our previous audit, the OA has not established policies and procedures regarding monitoring subrecipients of the Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program. As a result, the OA did not comply with the Uniform Guidance (UG) requirements regarding identifying and monitoring subrecipients of the SLFRF program. The OA is the lead agency responsible for administering the SLFRF program. The purpose of the SLFRF program is to provide funding to respond to the COVID-19 public health emergency (PHE) or its negative impacts; respond to workers performing essential work during the PHE; provide government services, to the extent of the reduction in revenue due to the PHE (revenue replacement); make necessary investments in water, sewer, or broadband infrastructure; provide emergency relief from natural disasters or the negative economic impacts of natural disasters; and finance certain surface transportation and housing projects. The OA and various state agencies designed projects within the various allowable SLFRF program categories, and are responsible for administering the projects. The OA developed the American Rescue Plan Act Grant Management Portal (portal) to serve as the official repository of information and documentation supporting each SLFRF program project. The state agencies upload supporting documentation to the portal, including contracts, payment requests, and other supporting documentation. Most payments are made on a reimbursement basis. The OA reviews each payment request and processes the payments. Some SLFRF program projects are administered through subawards. The OA establishes contracts with each subrecipient that outline various SLFRF program requirements, terms, and conditions. In the Schedule of Expenditures of Federal Awards (SEFA), the OA reported approximately $186 million was passed through to subrecipients of the SLFRF program during the year ended June 30, 2024. This amount represents approximately 30 percent of the SLFRF program expenditures. These awards were administered through the OA and 7 other state agencies. However, as noted in finding point A., the amounts are not accurate due to subrecipient determination errors. In response to our prior audit finding, the OA held a training for state agency personnel in August 2024 and sent a letter to state agencies in January 2025 (after the current audit period), covering agency responsibilities related to certain SLFRF program subrecipient monitoring requirements, such as subrecipient determinations and single audits. Of the 7 state agencies that administered subawards reported in the SEFA during the year ended June 30, 2024, 4 administered the majority of the subawards, with payments totaling approximately $181 million, or 97 percent of the total subrecipient payments reported in the SEFA. These 4 state agencies were the Department of Mental Health (DMH), Department of Higher Education and Workforce Development (DHEWD), Department of Natural Resources (DNR), and the Department of Economic Development (DED). Our review and testing of subrecipient monitoring procedures focused on the OA and the 4 state agencies. For the 4 state agencies, a total of 212 recipients were identified as subrecipients in the SEFA. However, as noted in finding point A., this count is not accurate due to subrecipient determination errors. To understand the OA and state agency procedures, and to test compliance with subrecipient monitoring requirements, we randomly selected a sample of payments to 21 subrecipients for the 4 state agencies. In addition, we judgmentally selected an additional subrecipient at one of the agencies because we had received citizen concerns regarding the administration of the subrecipient project. The 22 subrecipients were awarded a total of approximately $230 million in SLFRF program funding and were paid a total of approximately $77.9 million during the year ended June 30, 2024. We reviewed records in the portal supporting the subawards and 1 payment for each of the 22 subrecipients. We reviewed payments totaling approximately $5.9 million. For the judgmentally-selected subrecipient, we reviewed documentation of the state agency's monitoring of the subrecipient, including documentation of decisions to terminate (June 2024), not reinstate (December 2024), and reinstate (June 2025) the project. No significant issues were identified in this review. A. Subrecipient Determination The OA has not established policies and procedures to determine whether recipients of the SLFRF program funds are subrecipients or contractors. As a result, some recipients were incorrectly classified, and the OA lacks a complete and accurate listing of subrecipients. Subrecipient monitoring requirements are outlined in the UG. Regulation 2 CFR Section 200.331 states a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The classification of a subrecipient is dependent on whether the entity is responsible for making eligibility determinations for assistance, has its performance measured in relation to whether the objectives of the federal program were met, has responsibility for programmatic decision-making, is responsible for adherence to federal program requirements, and uses the federal funds to carry out a program for its public purpose. The OA did not evaluate each SLFRF program recipient for the UG criteria, and did not make a determination of whether the entity was a subrecipient or contractor. OA officials assigned responsibility for making these determinations and identifying subrecipients to the applicable state agencies, but did not provide clear guidance to the state agencies or ensure the state agencies properly performed and documented the determinations. One of the 4 state agencies had not documented their determinations for any of their sampled subrecipients and another state agency had not documented its determinations for 2 of 4 sampled subrecipients. Our analysis and review of the population of 212 subrecipients identified in the SEFA for the 4 state agencies revealed 1 state agency incorrectly recorded 2 contractors (office supply and electrical supply companies), with payments totaling $6,509, as subrecipients. The OA is the lead agency responsible for administering the SLFRF program. Without adequate procedures over subrecipient or contractor determinations, the OA lacks assurance that its subrecipients have been identified for subrecipient monitoring purposes. The OA Corrective Action Plan and Summary Schedule of Prior Audit Findings for prior audit finding number 2023-010 state the OA disagrees that it needs to develop policies and procedures regarding subrecipient determinations since the requirements are already stated in the Uniform Guidance and SLFRF program regulations. However, documented policies and procedures are necessary to clearly communicate responsibilities to the state agencies, prevent misunderstandings, and demonstrate adequate internal controls over compliance with subrecipient monitoring requirements. Regulation 2 CFR Section 200.303(a) requires the non-federal entity to "[e]stablish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in Standards for Internal Control in the Federal Government, issued by the Comptroller General of the United States or the Internal Control Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission." Paragraph 3.10 of the Standards for Internal Control in the Federal Government, also known as the Green Book, states, "[e]ffective documentation assists in management's design of internal control by establishing and communicating the who, what, when, where, and why of internal control execution to personnel. Documentation also provides a means to retain organizational knowledge and mitigate the risk of having that knowledge limited to a few personnel, as well as a means to communicate that knowledge as needed to external parties, such as external auditors." Paragraph 12.01 states, "[m]anagement should implement control activities through policies." B. Subrecipient Monitoring The OA did not implement an effective subrecipient monitoring program to monitor the SLFRF subrecipients. As a result, some subrecipient monitoring procedures were not performed as required by the UG. Regulation 2 CFR Section 200.332(b) states that pass-through entities must evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Risk assessments may consider factors such as the subrecipient's prior experience with the same or similar subawards, the results of previous audits, whether the subrecipient has new personnel or new or substantially-changed systems, and the extent and results of federal awarding agency monitoring. Regulation 2 CFR Section 200.332(d) requires pass-through entities to monitor the activities of the subrecipient as necessary to ensure the subrecipient is in compliance with federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity; (2) following up and ensuring the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address single audit findings related to the particular subaward; and (3) issuing a management decision for applicable findings pertaining only to the federal award provided to the subrecipient from the pass-through entity. Regulation 2 CFR Section 200.332(f) requires pass-through entities to verify that every subrecipient had a single audit when it is expected that the subrecipient spent $750,000 or more during the subrecipient's fiscal year. To monitor subrecipients of the SLFRF program, the OA relies on its pre-payment monitoring process. The OA does not perform any post-payment monitoring procedures, and relies on the state agencies to perform these procedures. The OA did not establish policies and procedures over the pre-payment review process and these reviews were not always clearly documented. In addition, the OA did not sufficiently communicate with the state agencies regarding subrecipient monitoring responsibilities or ensure the state agencies performed monitoring reviews. The information communicated to the state agencies in memos, emails, and periodic meetings and trainings with state agency personnel were not formalized in a policy and did not cover all relevant compliance requirements. In addition, the OA did not ensure risk assessments were performed or that subrecipients received single audits as required by the UG. Risk assessments The OA did not ensure required risk assessments for subrecipients of the SLFRF program were performed to determine the nature, timing, and extent of monitoring procedures necessary. Two of the 4 state agencies did not perform any risk assessments for the sampled subrecipients. OA officials indicated risk assessment procedures are the responsibility of the state agencies; however, the OA did not provide clear guidance to the state agencies or ensure the state agencies performed and used risk assessments as required. In addition to complying with federal requirements, risk assessments are necessary to ensure monitoring reviews are conducted with adequate frequency to help ensure subrecipient compliance with program requirements. OA pre-payment monitoring procedures The OA has not developed policies and procedures outlining its pre-payment monitoring procedures and did not always clearly document monitoring performed prior to making payments. In their review and approval of each SLFRF subrecipient payment request, OA officials stated they thoroughly review supporting documentation uploaded to the portal by the state agencies, including contracts, bid documentation, invoices, and other supporting documentation. OA officials further stated they review for compliance with certain types of SLFRF program compliance requirements, including allowable activities and allowable costs, procurement, and period of performance. However, the OA does not clearly document review procedures performed. For each of the 22 subrecipients sampled, the portal included documentation pertaining to some, but not all of the applicable compliance requirements. For example, for 5 subrecipient payments reviewed (for 2 state agencies), the portal included summary invoices, but did not include sufficiently detailed documentation showing compliance with the allowable activities and allowable costs and period of performance compliance requirements. Without documented policies and procedures and documentation of prepayment monitoring procedures performed, the OA cannot demonstrate subrecipient monitoring procedures were performed. Additional monitoring procedures The OA does not monitor subrecipients beyond the pre-payment monitoring process previously described. OA officials stated post-payment monitoring procedures are the responsibility of the state agencies; however, the OA did not sufficiently communicate with the agencies regarding subrecipient monitoring responsibilities or ensure the agencies performed monitoring reviews. Our review of subrecipient monitoring procedures at the 4 state agencies noted 3 agencies had developed written policies or procedures regarding subrecipient monitoring. We also noted state agency review procedures varied significantly, did not cover all significant compliance requirements, and were not always documented. While officials of some state agencies indicated they perform detailed pre-payment reviews for compliance with allowable activities and allowable costs, period of performance, and/or local match requirements, officials of some agencies explained they and the OA sometimes review only summary invoices of expenditures from the subrecipients prior to payment. Additionally, officials of all state agencies described various post-payment review procedures such as reviews for compliance with certain requirements, reviews of documentation supporting expenditures of funds advanced to the subrecipient, billing reviews of documentation supporting summary invoices, and/or reviews of the final work product; however, none of the agencies performed all of these procedures. In addition, the agencies could not always provide documentation such reviews had been performed for the sampled items. In addition to noncompliance with subrecipient monitoring requirements, the failure to ensure sufficient monitoring procedures were performed and documented increases the risk that subrecipient noncompliance will not be prevented or detected timely. Subrecipient audits The OA did not ensure the required reviews of single audit reports for applicable SLFRF program subrecipients were conducted. OA officials indicated the state agencies are responsible for ensuring subrecipients had a single audit, and reviewing and following up on the audit reports; however, the OA did not ensure the state agencies performed these procedures. All 4 agencies described procedures to monitor and follow up on single audit reports. Each subrecipient that spent in excess of $750,000 in federal awards during its fiscal year must obtain a single audit in accordance with the UG within 9 months after the end of the fiscal year. In addition to noncompliance with subrecipient monitoring requirements, the failure to ensure subrecipients received required audits and to review and follow up on the related audit reports, increases the risk that subrecipient noncompliance will not be identified and addressed. Conclusions The following table summarizes the results of our sampling at the 4 state agencies, presented in finding points A. and B. Instances in which a criterion was partially met are shown as the applicable number of items sampled. The OA is the lead agency responsible for administering the SLFRF program. OA officials indicated the state agencies were responsible for some of the subrecipient monitoring requirements. However, without clear communication and monitoring of these responsibilities, the OA lacks assurance of compliance with all subrecipient monitoring requirements. Without an established subrecipient monitoring program, the OA cannot provide assurance subrecipients are complying with SLFRF program requirements and there is increased risk that noncompliance with program requirements or subaward terms and conditions will go undetected, or that subaward performance goals will not be achieved. In addition, a subrecipient monitoring program is necessary to demonstrate adequate internal controls over compliance with subrecipient monitoring requirements. Regulation 2 CFR Section 200.303(a) requires the non-federal entity to "[e]stablish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-federal entity is managing that Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in Standards for Internal Control in the Federal Government, issued by the Comptroller General of the United States or the Internal Control Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission." Paragraph 3.10 of the Standards for Internal Control in the Federal Government, also known as the Green Book, states, "[e]ffective documentation assists in management's design of internal control by establishing and communicating the who, what, when, where, and why of internal control execution to personnel. Documentation also provides a means to retain organizational knowledge and mitigate the risk of having that knowledge limited to a few personnel, as well as a means to communicate that knowledge as needed to external parties, such as external auditors." Paragraph 12.01 states, "[m]anagement should implement control activities through policies." Recommendations The OA: A. Develop policies and procedures to determine whether recipients of SLFRF program funds are subrecipients or contractors. Continue to work with the state agencies to ensure accurate and documented determinations are prepared for all recipients, and modify subrecipient records as needed. B. Develop a subrecipient monitoring program in accordance with the Uniform Guidance that includes performing risk assessments for each subrecipient for the purposes of determining the appropriate subrecipient monitoring procedures; monitoring for compliance with federal requirements and subaward terms and conditions, and ensuring subaward performance goals are achieved; and reviewing subrecipient single audit reports. Ensure tasks delegated to state agencies are adequately communicated and establish procedures to ensure those tasks are appropriately completed. Auditee's Response A. We partially agree with the auditor's finding. Our Corrective Action Plan includes an explanation and specific reasons for our disagreement and any planned actions to address the finding. B. We agree with the auditor's finding. Our Corrective Action Plan includes our planned actions to address the finding. Auditor's Comment The OA Corrective Action Plan states the OA partially agrees with Finding point A. because the OA completed training for all agencies regarding agency subrecipient monitoring responsibilities and distributed a memo instructing the agencies to develop subrecipient monitoring policies and procedures. However, as noted in the audit finding, the training was held and letter was sent to state agencies after the current audit period. Because the OA took no corrective action prior to or during the audit period, the internal control weaknesses and noncompliance occurred again in the current audit period.
Federal Agency: Department of Homeland Security - Federal Emergency Management Agency (FEMA) Federal Program: 97.036 Disaster Grants - Public Assistance (Presidentially Declared Disasters) 2017 - FEMA-4317-DR-MO 2019 - FEMA-4435-DR-MO and FEMA-4551-DR-MO 2020 - FEMA-4490-DR-MO and FEMA-4452-DR-MO 2021 - FEMA-4612-DR-MO and FEMA-4636-DR-MO 2022 - FEMA-4665-DR-MO 2023 - FEMA-4741-DR-MO 2024 - FEMA-4803-DR-MO State Agency: Department of Public Safety - State Emergency Management Agency (SEMA) Type of Finding: Internal Control (Material Weakness) and Material Noncompliance Compliance Requirement: Subrecipient Monitoring During state fiscal year 2024, the SEMA did not perform subrecipient monitoring reviews or review subrecipient single audit reports for the Disaster Grants - Public Assistance (Presidentially Declared Disasters) (DGPA) as required. The SEMA disbursed approximately $180 million to 320 DGPA program subrecipients during the year ended June 30, 2024. Regulation 2 CFR Section 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Regulation 2 CFR section 200.332(d) requires pass-through entities to monitor the activities of the subrecipient as necessary to ensure the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. Pass-through entities are required to follow up and ensure the subrecipient takes timely and appropriate action on all deficiencies detected through audits, on-site reviews, and other means. Regulation 2 CFR Section 200.332(f) requires pass-through entities to verify that every subrecipient has a single audit when it is expected that the subrecipient spent $750,000 or more during the subrecipient's fiscal year. The SEMA's tiered monitoring process, outlined in the SEMA's Risk Assessment Form and Recovery Division Monitoring Policy, requires risk assessments be performed 24 months after the disaster declaration for each subrecipient. Risk assessments are to evaluate various risk indicators and categorize each subrecipient as high, medium, or low risk. The risk category determines the required type and nature of monitoring required for the subrecipient. The policy requires on-site monitoring reviews for all high-risk subrecipients and desk reviews of 20 percent of medium-risk subrecipients. No additional action is required for low-risk subrecipients. The monitoring policy requires the SEMA to generate reports listing any deficiencies noted during on-site and desk monitoring reviews. The Monitoring Report will, if applicable, reflect any notice given to the subrecipient about delinquent reports, failure to submit proper documentation, and any issues noted during the review. The monitoring report also identifies the SEMA's and subrecipient's actions and plans to resolve the issue(s), by documenting a brief written plan and timeline for the resolution of the issues identified. When all issues have been resolved, the policy requires a follow-up letter and updated review report to be provided to the subrecipient. The monitoring policy further requires the SEMA during both the desk and on-site monitoring to review the subrecipient's financial and compliance audit reports. The SEMA's single audit compliance policy requires the SEMA to verify every subrecipient had a single audit when required. Once the single audit is reviewed and additional documentation is obtained, the SEMA will issue a Management Decision Letter. Monitoring reviews During state fiscal year 2024, the SEMA's Monitoring Specialist performed risk assessments for all 890 subrecipients of open projects; however, the SEMA did not perform the 190 monitoring reviews of these subrecipients as required by the monitoring policy. The following table shows the results of the risk assessments performed for that fiscal year, and the supervisory monitoring reviews required by federal regulation and SEMA policy. When subrecipient monitoring reviews are not performed as required by federal regulation and SEMA policy, there is increased risk that noncompliance with program requirements will go undetected. Subrecipient audits During state fiscal year 2024, the SEMA did not conduct the required review of single audit reports for applicable DGPA program subrecipients as required by SEMA policies and federal regulations. During September 2023, the SEMA sent letters to all subrecipients asking if they were required to have a single audit; but performed no further procedures such as ensuring subrecipients obtained the audits or reviewing and following up on audit reports. Each subrecipient that spent in excess of $750,000 in federal awards during its fiscal year must obtain a single audit in accordance with federal regulations within 9 months after the end of the fiscal year. In addition to noncompliance with subrecipient monitoring requirements, the failure to ensure subrecipients received required audits and to review and follow up on the related audit reports, increases the risk that subrecipient noncompliance will not be identified and addressed. Conclusions SEMA personnel indicated the monitoring reviews and single audit reviews were not performed due to turnover and shortages in staff. Adherence to policies and procedures is necessary to ensure compliance with subrecipient monitoring requirements. Regulation 2 CFR Section 200.303(a) requires the non-federal entity to "[e]stablish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-federal entity is managing the Federal award in compliance with Federal regulations, SEMA policies and the terms and conditions of the Federal award." Recommendation The SEMA strengthen controls and procedures to ensure subrecipients of the DGPG are monitored in accordance with the monitoring policies and ensure policies are followed to ensure compliance with the monitoring requirements. Auditee's Response We agree with the auditor's finding. Our Corrective Action Plan includes our planned actions to address the finding.
2024-004: Subrecipient Determination and Monitoring Assistance Listing Number (ALN) and Title: 20.205 Highway Planning and Construction Federal Grantor: U.S. Department of Transportation (DOT) Passed-through: Oregon Department of Transportation (ODOT) Award Identification Numbers and Years: Finding is applicable to all 20.205 awards on the SEFA for 2024 Compliance Requirement: Subrecipient Monitoring Type of Finding: Noncompliance and Material Weakness in Internal Control over Compliance. Prior Year Audit Finding: No Criteria: 2 CFR 200.331 requires pass-through entities (PTEs) like LCOG to make case-by-case determinations whether an agreement casts the party receiving funds as a subrecipient or a contractor (vendor). This determination affects reporting on the SEFA (§200.510(b)(4)). Furthermore, 2 CFR 200.332 requires PTEs to evaluate each subrecipient's risk of noncompliance, monitor their activities to ensure compliance with federal requirements (including reviewing financial and performance reports), and verify that subrecipients subject to the Single Audit requirements have obtained the required audit and take appropriate action on any findings effecting the pass-through program (§200.332(b), (d), and (f)). Effective internal controls should ensure proper classification and that required monitoring activities are performed and documented. Condition: LCOG exhibited weaknesses in its process for determining and monitoring subrecipients under ALN 20.205. Specifically: LCOG did not correctly classify entities receiving funds. Multiple vendors were incorrectly identified as subrecipients on the draft SEFA provided for audit. Two entities meeting the definition of subrecipients were identified during audit procedures; however, LCOG had classified them as vendors and omitted them from the draft SEFA. As a result of misclassifying the actual subrecipients as vendors, LCOG did not perform required subrecipient monitoring activities for these entities, such as conducting and documenting a risk assessment or obtaining and reviewing their Single Audit reporting packages. Questioned Costs: None. Context: The misclassifications were identified during audit testing and review of the draft SEFA. While the entities omitted from the SEFA were later confirmed to be subrecipients, LCOG had not performed the required monitoring steps during the fiscal year. Subsequent review of the Single Audit reports for these two subrecipients during the audit process confirmed they had correctly reported the funds received from LCOG and disclosed no audit findings related to this program. No errors were noted in the initial contracting process with these entities. However, the lack of contemporaneous monitoring represents noncompliance and a control weakness. Cause: LCOG lacks adequate procedures for performing and documenting the subrecipient vs. contractor determination based on the criteria in 2 CFR 200.331. This initial failure led to inaccurate SEFA reporting and the subsequent failure to implement required monitoring protocols for entities that were, in fact, subrecipients. Effect: The failure to correctly identify and monitor subrecipients constitutes noncompliance with 2 CFR 200.332 and resulted in inaccurate SEFA reporting. Although no subrecipient noncompliance impacting the program was ultimately identified in this instance, the absence of required monitoring activities (including risk assessment and review of audit reports) creates a risk that subrecipient noncompliance could occur and not be detected by LCOG in a timely manner. This condition represents a material weakness in internal control over compliance. Recommendation: We recommend LCOG implement procedures to: 99 Formally document the determination of whether entities receiving federal funds are subrecipients or contractors prior to entering into agreements and preparing the SEFA, using the criteria in 2 CFR 200.331. Develop and implement a risk-based monitoring plan for all identified subrecipients, ensuring that required monitoring activities (including review of reports and Single Audits, where applicable) are performed and documented throughout the period of performance. Ensure the SEFA accurately reflects subrecipient relationships and amounts passed through. Auditee Views: While we agree that we did not have a formal monitoring plan in place, now that we are aware of the need for such a plan, we will put a plan in place immediately. Once we became aware, we immediately reviewed the single audit reports all subrecipients. As to whether all subrecipients were properly reported on the SEFA, LCOG and ODOT had been in discussions for several months over whether certain entities contracted by LCOG under the Secure Routes to Schools program were, in fact, subrecipients and was unclear due to conflicting guidance received from various individuals. We will begin consulting with ODOT prior to the audit to make sure they agree with the classification of fund recipients as either contractor or subrecipient.
2024-011 U.S. Department of Housing and Urban Development, For the period July 1, 2023, through June 30, 2024, ALN # 14.239– HOME Investment Partnerships Program Criteria: Per 2 CFR §200.331(b), pass-through entities must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Furthermore, 2 CFR §200.332(d) requires pass-through entities to follow up on any audit findings identified in subrecipients’ Single Audit reports that pertain to the federal award. Condition: The City did not perform a documented risk assessment of subrecipients under the HOME program to determine the appropriate level and type of monitoring. Additionally, the City did not obtain or review subrecipients’ Single Audit reports to identify and follow up on any findings related to the HOME program. Two of the four contracts with expenditures in fiscal year 2024 were tested. Cause: The City has not established formal procedures to assess subrecipient risk or to review and follow up on audit findings related to the HOME program. Effect: Without a documented risk assessment and review of subrecipient audit reports: • The City may not tailor its monitoring procedures appropriately, increasing the risk of undetected noncompliance. • Potential issues identified in subrecipient audits may go unaddressed, jeopardizing the integrity of the program and federal funding. Recommendation: The City should implement formal procedures to conduct and document risk assessments for all subrecipients of the HOME program, obtain and review subrecipient Single Audit reports annually, follow up on any findings related to the HOME program to ensure corrective actions are taken. Questioned Costs: none
FINDING REFERENCE NUMBER 2024-012 FEDERAL PROGRAM (ALN 84.287) TWENTY-FIRST CENTURY COMMUNITY LEARNING CENTERS U.S. DEPARTMENT OF EDUCATION AWARD NUMBERS S287C190039C (07/01/2019 – 09/30/2020); S287C200039C (07/01/2020 – 09/30/2021); S287C220039C (07/01/2022 – 09/30/2023) COMPLIANCE REQUIREMENT SUBRECIPIENT MONITORING TYPE OF FINDING MATERIAL NONCOMPLIANCE AND MATERIAL WEAKNESS CRITERIA In accordance with 2 CFR § 200.332(f), pass-through entities are required to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes and in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. This includes reviewing subrecipient Single Audit reports to determine whether any audit findings related to the subaward exist and whether appropriate corrective actions are being taken. STATEMENT OF CONDITION As part of our audit procedures, we obtained the list of subrecipients active during the fiscal year 2023-2024, monitoring visit schedules and disbursements made. We selected a sample of three (3) subrecipients to test compliance with internal control policies and compliance with the subrecipient monitoring requirement. We noted the following deficiencies during our tests: 1. For three (3) subrecipients, we did not find any evidence of the receipt of the Single Audit Report or the required financial statements and special Agreed-Upon Procedure Report. 2. For three (3) subrecipients, we were unable to review the performance reports submitted by the subrecipients during the fiscal year because no documentation was provided for our evaluation. 3. The monitoring plan for the fiscal year 2023-2024 was not provided for our evaluation. QUESTIONED COSTS None PERSPECTIVE INFORMATION The PRDE does not maintain an internal control process that provides reasonable assurance of complying with the requirement of receipt, evaluation and issuance of management decisions as required by Federal regulations and the required corrections of any findings and disposition of questioned costs within the required timeframes of the Federal regulations from audit or monitoring process. STATEMENT OF CAUSE The PRDE did not have formal procedures in place to ensure timely collection and review of subrecipients’ Single Audit Report. Responsibilities for this function were not clearly assigned, and monitoring activities were inconsistently documented. POSSIBLE ASSERTED EFFECT Failure to review subrecipient Single Audit Reports increases the risk that audit findings or noncompliance at the subrecipient level may go undetected and unaddressed. This may lead to improper use of Federal funds and noncompliance with Federal requirements. IDENTIFICATION AS A REPEAT FINDING Not previously reported. RECOMMENDATION We recommend that the PRDE establish and implement formal procedures to: Identify all subrecipients subject to Single Audit requirements, obtain and review their audit reports in a timely manner, follow up on relevant audit findings, and maintain documentation of all monitoring activities performed. VIEWS OF RESPONSIBLE OFFICIALS The PRDE acknowledges the auditor’s finding. It Is important to note that information requested is available and exists just that it was not provided in a timely manner for evaluation. The PRDE and the area accepts the recommendations and will work on corrective action plans that help mitigate the delay in providing information per auditors’ requests. IMPLEMENTATION DATE None RESPONSIBLE PERSON Luis M. Oppenheimer Rosario Program Coordinator María de los Ángeles Lizardi Valdés Office of Federal Affairs Director
CRITERIA/SPECIFIC REQUIREMENT: The Code of Federal Regulations (Code) (2 CFR § 200.332 (e)) requires the Regional Office of Education No. 39 to monitor the activities of the subrecipient to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. The Code (2 CFR §200.303 (a)) requires the Regional Office of Education No. 39 to establish and maintain effective internal control over the federal award to provide reasonable assurance the Regional Office of Education No. 39 is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Effective internal controls should include procedures over subrecipient monitoring. CONDITION: The Regional Office of Education No. 39 did not have adequate controls over subrecipient monitoring in compliance with the Code. CONTEXT: During our testing of four subrecipients, we noted the Regional Office of Education No. 39 did not adequately monitor its subrecipients’ grant reporting requirements: • 43 of 48 (90%) monthly expenditure reports were not received. • 4 of 48 (8%) monthly expenditure reports were received five to 183 days late. • 4 of 4 (100%) annual performance reports were received 51 to 114 days late. EFFECT: Lack of controls over subrecipient monitoring may result in subrecipients not properly administering the federal programs in accordance with federal regulations. CAUSE: Management indicated this was due to oversight and staffing limitation. RECOMMENDATION: We recommend the Regional Office of Education No. 39 establish and implement procedures over subrecipient monitoring. MANAGEMENT’S RESPONSE: The Regional Office of Education No. 39 agrees with the audit findings and although some subrecipient monitoring was conducted, not all of the required reports were received, or they were not received in a timely manner. The Regional Office of Education No. 39 is implementing policies and procedures to ensure subrecipient monitoring is not only received but received in a timely manner as well.
Finding 2024-012 – Noncompliance with Subrecipient Monitoring Over Federal Grant – Coronavirus State and Local Fiscal Recovery Funds (Repeat Finding – 2023-012) PASS-THROUGH GRANTOR: Direct Grant FEDERAL AGENCY: U.S. Department of Treasury ASSISTANE LISTING: 21.027 FEDERAL PROGRAM NAME: Coronavirus State and Local Fiscal Recovery Funds FEDERAL AWARD YEAR: 2021 CONTROL CATEGORY: Subrecipient Monitoring QUESTIONED COSTS: $-0- Condition: The County does not have a subrecipient monitoring policy, and not all subrecipient agreements include the following information: • Subrecipient Authorized Representative and program contact information • Subrecipient Employee Identification Number (EIN) and DUNS number • Federal Award Identification Number (FAIN) • Name of Federal Awarding Agency • Contact information for the official at the Federal Awarding Agency • Subaward Budget Period Start and End Date • Catalog of Assistance Listing (AL) number and name • Federal award date • Provide close out terms and conditions Further, subrecipient and beneficiary agreements approved by the Board of County Commissioners state that subrecipient or beneficiary shall provide monthly performance reports until all Coronavirus State and Local Fiscal Recovery Funds awarded hereunder have been expended. Through the observation of records, it was determined that monthly performance reports were not submitted each month by the following entities receiving Coronavirus State and Local Fiscal Recovery Funds: • City of Chickasha • City of Minco • Grady County Volunteer Fire Departments • Rural Water #6 • Rural Water #7 • Grady County Memorial Hospital (ER Renovations Project) Cause of Condition: Policies and procedures have not been designed and implemented to ensure federal expenditures are made in accordance with compliance requirements. Effect of Condition: This condition resulted in noncompliance with federal grant requirements. Recommendation: OSAI recommends the County gain an understanding of the requirements for this program and implement internal controls to ensure compliance with these requirements. OSAI also recommends that entities receiving ARPA funding submit monthly progress reports as stated under the reporting section of the agreements signed by the Board of County Commissioners. Management Response: Chairman of the Board of County Commissioners: The Board of County Commissioners will take measures to ensure future compliance with all requirements of federal grants Criteria: 2 CFR 200, §200.332 Requirements for Pass-Through Entities states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award. (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part. (6) Appropriate terms and conditions concerning closeout of the subaward.
FINDING 2024-210 The Department did not complete sufficient subrecipient monitoring for the Individuals with Disabilities Education Act (IDEA) program during fiscal year 2024. Type of Finding: Significant Deficiency, Noncompliance Assistance Listing Title: Special Education Cluster Assistance Listing Number: 84.027; 84.173 Federal Award Number: 170ED2131; 170ED2231; 500ED2131; 500ED2141; 500ED2231; 500ED2241; 500ED2331; 500ED2341 Program Year: July 1, 2021 – September 30, 2023; July 1, 2022 – September 30, 2024; July 1, 2021 – September 30, 2023; July 1, 2023 – September 30, 2025 Federal Agency: U.S. Department of Education Compliance Requirement: Subrecipient Monitoring Questioned Costs: None Criteria: The U.S. Code of Federal Regulations (CFR) Uniform Administration Requirements, Cost Principles, and Audit Requirements for Federal Awards (2 CFR 200.303) states that nonfederal entities must establish and maintain effective internal control over the federal award that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations and the terms and conditions of the federal award. The requirements for pass-through entities are in 2 CFR 200.332, which states that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and include the following information at the time of the subaward or if information changes. The required information includes: • Federal Award Identification. 1. Subrecipient’s name (which must match the name associated with its unique entity identifier) 2. Subrecipient’s unique entity identifier 3. Federal Award Identification Number (FAIN) 4. Federal award date of award to the recipient by the federal agency 5. Subaward period of performance start and end date 6. Subaward budget period start and end date 7. Amount of federal funds obligated by this action by the pass-through entity to the subrecipient 8. Total amount of federal funds obligated to the subrecipient by the pass-through entity to the subrecipient 9. Total amount of the federal award committed to the subrecipient by the pass-through entity 10. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA) 11. Name of awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity 12. Assistance Listings (AL) number and title 13. Identification of whether the award is research and development (R&D) 14. Indirect cost rate for the federal award • All requirements imposed by the pass-through entity on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the federal award. • Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the federal awarding agency, included identification of any required financial and performance reports. Pass-through entities must also: • Evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. • Consider imposing specific subaward conditions upon a subrecipient, if appropriate. • Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subawards, and that subaward performance goals are achieved. • Verify that every subrecipient is audited as required by 2 CFR 200, Subpart F, and follow up on the results of those audits. Further guidance is provided by the U.S. Department of Education in the State General Supervision Responsibilities Under Parts B and C of the IDEA, Monitoring, Technical Assistance, and Enforcement, which states that a state should monitor all LEAs within a reasonable period of time and at least once within a six-year period. Condition: The Department has designed a monitoring plan to meet the IDEA subrecipient monitoring requirements that includes reviewing all LEAs in the State within a five-year period. The USED guidelines indicate reviews should occur within a reasonable amount of time and at least once within a six-year period. The annual award notification letters to LEAs contain the required grant award information. The program administrators perform an annual risk assessment of all LEAs and subrecipients receiving IDEA Funds. The risk assessment dictates the frequency of completed monitoring. The LEAs are scheduled to be reviewed every year for high risk, every two years for medium risk, and every four to five years for low risk. There are approximately 180 LEAs receiving IDEA funding each year; therefore, between 36 and 45 subrecipients should be monitored each year. Fiscal year 2022 was the first year in the monitoring cycle, and monitoring was completed during calendar year 2022 for 35 LEAs. Fiscal year 2023 activity monitoring included 5 LEAs monitored in calendar year 2023, 8 LEAs monitored in calendar year 2024, and 14 LEAs monitored in calendar year 2025. Based on the number of reviews completed in the prior four years, it is unlikely that the Department could complete those remaining 118 reviews in calendar year 2026 to be compliant with the Department’s internal policy or at the conclusion of calendar year 2027 to be compliant with USED monitoring guidelines. Cause: The Department does not have effective written policies and procedures to ensure all LEAs are monitored for IDEA activity within an appropriate amount of time. Further, the Department has not implemented appropriate procedures to ensure monitoring is completed at a sufficient level to ensure compliance with federal program requirements. Effect: Monitoring for fiscal year 2023 activity took three years to complete. This created a significant backlog of monitoring to be completed for activity in fiscal years 2024, 2025, and 2026 that ensures every LEA is reviewed at least once in a six-year period to be compliant with federal monitoring requirements. Monitoring LEAs is a critical requirement in accepting federal funds and ensuring that those funds are spent in compliance with allowable costs and other guidelines provided by the grantor. Lack of monitoring of LEAs increases the risk that LEAs may not comply with the grant terms. Recommendation: We recommend that the Department implement robust written procedures outlining monitoring activities so that an appropriate number of LEAs are monitored annually to help ensure compliance with federal requirements. Management’s View: The Department disagrees with this finding. Corrective Action: Although the Department agrees that not as many LEAs were monitored as might normally be in a given year, the Department is on track to have monitoring activities completed for all LEAs within the five-year cycle and in accordance with the US Department of Education’s six-year cycle. There is no statute that states a certain amount of monitoring must take place each year. Rather, states are required to monitor all LEAs within a six-year period. In Office of Special Education Programs (OSEP) QA 23-01, State General Supervision Responsibilities under Parts B and C of the IDEA, it states: “States should ensure all LEAs or EIS programs are monitored at least once within the six-year cycle of the State’s SPP/APR, presumptively implementing a reasonable timeframe for monitoring.” (See also Q A-11). The special education fiscal monitoring process includes robust written policies and procedures to meet federal requirements, and the Department underwent thorough federal on-site monitoring by OSEP in FY 2024 and passed without any fiscal findings. The LEA fiscal monitoring is assigned and takes place throughout the state fiscal year. The Department has completed or is in the process of completing 88 LEA monitors for the first three years in the cycle before the end of calendar year 2025. Corrective actions will be forthcoming, and LEAs have 365 days to complete any state monitoring and enforcement corrective actions under 34 CFR 300.600(e). This program-specific rule complements the Uniform Grant Guidance of 2 CFR 200.332(d) in which passthrough entities (SEAs) “must ensure subrecipients take ‘timely and appropriate action’ to correct deficiencies.” The Department is currently transitioning to year four of the five-year cycle for FY 2025-26 (reviewing FY 2024-25 records). With the support of five contracted staff, 60 LEAs are scheduled between December 2025 and June 2026 to review FY 2024-25 fiscal records (made available in November 2025 when CPA audits are due to the state). The Department is also continuing to close out corrective action plans for LEAs from prior reviews. Year five (FY 2026-27) of the cycle will evaluate the FY 2025-26 fiscal records of remaining LEAs. Those LEAs will not be available to monitor until November 2026 when LEA CPA audits are finalized and available. The Department will conduct those reviews in FY 2026-27 (after November 2026). The Department will continue to conduct other monitoring activities throughout the year for all LEAs including through claim reimbursement reviews, the annual IDEA Part B Application, and the risk assessment activities in alignment with Idaho’s Special Education System of General Supervision. Auditor’s Concluding Remarks: We thank the Department for its cooperation and assistance throughout the audit. We continue to assert that the Department’s documented progress monitoring LEAs through the end of fiscal year 2024 does not indicate it will comply with federal monitoring requirements. As stated in the finding, documentation reviewed shows that only 62 out of 180 LEAs have been monitored over three and ¾ years, between January 2022 and October 2025. Approximately 63% of the available 6 year monitoring period has elapsed and the Department has only completed approximately 34% of the required reviews. While the Department indicates its intention to catch up the completed reviews, it is unlikely to occur until the Department not only outline a well-defined schedule of monitoring to be completed that complies with the requirements, but also tracks its performance of monitoring completed each year to ensure that each LEA is monitored at least once every six years in accordance with federal monitoring guidelines.
FINDING 2024-215 The Department did not document subrecipient risk assessments or ensure subrecipient audits were received for the Coronavirus State and Local Fiscal Recovery Fund. Type of Finding: Significant Deficiency, Noncompliance Assistance Listing Title: Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Federal Award Number: SLFRP0142 Program Year: March 3, 2021 – December 31, 2024 Federal Agency: Department of the Treasury Compliance Requirement: Subrecipient Monitoring Questioned Costs: None Criteria: The U.S. Code of Federal Regulations (CFR) Uniform Administration Requirements, Cost Principles, and Audit Requirements for Federal Awards (2 CFR 200.303) states that nonfederal entities must establish and maintain effective internal control over the federal award that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. The requirements for pass-through entities are in 2 CFR 200.332, which states that all pass-through entities must: • Evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. • Consider imposing specific subaward conditions upon a subrecipient, if appropriate. • Verify that every subrecipient is audited as required by 2 CFR 200, Subpart F, and follow up on the results of those audits. A non-Federal entity that expends $750,000 or more during the non-Federal entity’s fiscal year in Federal awards must have a single or program-specific audit conducted for that year. Condition: The Department received funds for the Coronavirus State and Local Fiscal Recovery Fund (Assistance Listing Number 21.027) from the U.S. Department of Treasury through the Idaho Department of Financial Management. The funds were for two specific program areas within the Department: planning and construction grants for the clean and drinking water infrastructure projects and waste management projects. During fiscal year 2024, there were 128 subrecipients for these funds. The Department established oversight for these funds under the Grant Loan Bureau (planning and infrastructure grants) and the Waste Management Group (various waste management projects). The Department complied with some, but not all, of the pass-through entity requirements. Noncompliance was identified in the following areas: 1) The Department did not adequately document their evaluation of each subrecipient’s risk of noncompliance with federal statutes, regulations, and terms and conditions of the subaward for 13 out of 13 (100 percent) of the sample tested. The Department completes thorough reviews throughout the project timeline to ensure that subrecipients are complying, but those reviews do not adequately assess the subrecipients risk of noncompliance with a subaward, prior to award, as required by 2 CFR 200.332(c). While the Department’s review does ensure each subrecipient has financial review controls in place, the Department does not document a formal risk assessment that evaluates each subrecipient’s risk of noncompliance based on the subrecipient’s prior experience with the same or similar awards, the results of previous awards including whether the subrecipient receives a Single Audit, whether the subrecipient has new personnel, or the extent and results of any Federal agency monitoring. 2) The Department does not have a process in place to ensure that subrecipients are audited, as required by 2 CFR 200, Subpart F for 1 out of 13 (7.69 percent) of the contracts tested. In the prior-year audit, it was stated that the planning/construction group in the Grants Loans Bureau were aware of this issue and have procedures in place within their Loan Grant Tracking Software (LGTS) and that the Waste Program was aware that the subrecipients also required procedures; however, no procedures are in place. During this year’s audit, however, no documentation was submitted in support of the Grants Loan Bureau or the Waste Program. Cause: The Department did not have a formal documented risk assessment process in place as they believed the application process and monitoring during the actual grant award period met the requirements. The Department has procedures in place to check the Federal Audit Clearinghouse for Single Audit Act (SAA) grant audits to see if a subrecipient has a recent audit, however, this procedure alone does not satisfy the requirement. The Department did not deem it necessary to implement additional procedures to ensure an audit was completed for subrecipients meeting the threshold because the grant makes up more than 50 percent of the total project cost and are reimbursement grants. The fact that these are reimbursement grants does not exempt the Department from ensuring that the subrecipient is audited as required by 2 CFR 200, Subpart F. Effect: Subrecipient monitoring is a critical requirement when accepting federal funds and ensuring that those funds are spent in compliance with allowable costs and other guidelines provided by the grantor. Assessing the risk of subrecipient noncompliance enables a pass-through entity to determine the proper level of monitoring procedures. Without completing the risk assessment process, a pass-thought entity may increase the risk that appropriate monitoring procedures will not be performed, and noncompliance may occur and go undetected. Subrecipient audit reports may identify internal control issues and noncompliance with federal award requirements. Reviewing these reports and ensuring that potential issues are addressed decreases the overall risk of noncompliance with the federal award requirements. Recommendation: We recommend that the Department design and implement appropriate procedures to ensure that subrecipient risk assessments are properly completed and documented and subrecipient audits are completed and reviewed in accordance with federal grant regulations. Management’s View: We agree with and acknowledge the three findings presented and are committed to addressing them with the following corrective actions being taken by DEQ. Corrective Action: The Department created a Subrecipient Monitoring Policy that will be implemented by the end of this calendar year, December 31, 2025. This policy includes a risk assessment checklist that will be used prior to issuing a subaward. The results of the risk assessment, the overall risk level, and the level of monitoring will be included in the subaward agreement. The risk assessment and the process will be documented with each subaward request. DEQ has had significant turnover in the fiscal office, which has resulted in gaps of knowledge of policies and practices. In summer 2025, DEQ leadership reorganized the fiscal department to improve efficiency, enhance oversight of grants and contracts, and strengthen financial controls. The fiscal office is currently in a rebuilding phase and is dedicated to training and developing staff, implementing best practices, and documenting processes and procedures. Along with these changes, the grants and contracts teams have been combined to help with oversight and consistency. This is particularly valuable when contracting or procuring goods or services with grant or federal funds. Auditor’s Concluding Remarks: We thank the Department for its cooperation and assistance throughout the audit.
FINDING 2024-231 Supporting documentation for subrecipient risk assessments for the Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crises program was not available for review. Type of Finding: Significant Deficiency, Noncompliance Related to Prior Finding: 2023-222 AL Title: Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crises AL Number: 93.391 Federal Award Number: 1 NH75OT000105-01-00, 6 NH75OT000105-01-00 Program Year: June 1, 2021 – May 31, 2024 Federal Agency: Department of Health and Human Services Requirement: Subrecipient Monitoring Questioned Costs: None Criteria: The U.S. Code of Federal Regulations (CFR), Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) included in 2 CFR 200.303 requires that nonfederal entities receiving federal awards establish and maintain internal control over the federal awards that provides reasonable assurance that the nonfederal entity is managing the federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal awards. The Internal Control Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) identifies control activities that help ensure management directives are carried out and risks are mitigated. These activities include approvals, authorizations, verifications, reconciliations, and segregation of duties. The Uniform Guidance included in 2 CFR 200.332(b) states that all pass-through entities must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR 200.332(c)(2) states that all pass-through entities must evaluate each subrecipient's fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring described in paragraph (f) of this section. When evaluating a subrecipient's risk, a pass-through entity should consider the results of previous audits. This includes considering whether the subrecipient receives a Single Audit in accordance with 2 CFR 200 subpart F and the extent to which the same or similar subawards have been audited as a major program. Condition: The Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crises program had a total of 6 subrecipients during fiscal year 2024. During testing, the Department was unable to provide a subrecipient risk assessment for 2 out of 6 subrecipients tested (or 33 percent). In the risk assessment, the Department documents the need for a subrecipient to have a Single Audit, if necessary, and the Department’s review of required subrecipient Single Audits. The Department was compliant with all other aspects of the subrecipient monitoring compliance requirements for the subrecipients. Cause: Staff turnover led to the documentation creation and retention shortcomings as new staff were being trained and onboarded when risk assessments should have been completed and documented, including Single Audit requirements. Effect: The Department is exposed to increased risk of noncompliance related to subrecipients and improper payments in the STLT Health Department Response to Public Health or Healthcare Crises program. Recommendation: We recommend that the Department strengthen internal controls to ensure required risk assessments are completed and supporting documentation is retained. Management’s View: The Department Agrees with this Finding. Corrective Action: The Division of Public Health updates its standard operating procedures annually and communicates updates to staff. The DPH Federal Compliance Officer is conducting monthly trainings to cover all required steps in the process and will begin conducting mini audits in calendar year 2026 to ensure all steps are being followed consistently. Auditor’s Concluding Remarks: We thank the Department for its cooperation and assistance throughout the audit.
Criteria or specific requirement: Per 2 CFR 200.303(a), California Department of Transportation (Caltrans) must establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information at the time of the subaward and if any of these data elements change, include the changes in the subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes identification of the (ii) Subrecipient's unique entity identifier. (iii) Federal Award Identification Number (FAIN) (xiii) Identification of whether the Federal award is for research and development. Condition: Audit procedures included a review of a sample of subrecipient contracts for required information with the following results noted. For 60 of 60 samples, the contract did not include neither Subrecipients unique entity identifier, Federal Award Identification Number (FAIN), nor the identification of whether the Federal award is for research and development. Questioned costs: None Context: See “Condition.” Cause: Current internal controls in place to ensure a review of subaward agreements is taking place to verify that all required elements are included per 2 CFR 200 §200.332 are not being done correctly. Effect: Providing incomplete information to subrecipients may result in inaccurate reporting by the subrecipients and ultimately by Caltrans. Repeat Finding: This was reported in the previous year as finding 2023-006. Recommendation: We recommend management enhance existing controls around the review of all subaward agreements to ensure that all pass-through agreements include each of the required elements by 2 CFR §200.332. Views of responsible officials: Management’s response is reported in “Management’s Response and Corrective Action Plan” included in a separate section at the end of this report.
Criteria or specific requirement: Per 2 CFR section 200.303(a), the Department must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Title 2 – Grants and Agreements. Subtitle A – Office of Management and Budget Guidance for Grants and Agreements. Chapter II – Office of Management and Budget Guidance. Part 200 – Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D – Post Federal Award Requirements. §200.332 Requirements for pass-through entities (2 CFR 200.332): All pass-through entities must: (a) Verify that the subrecipient is not excluded or disqualified in accordance with §180.300. Verification methods are provided in §180.300, which include confirming in SAM.gov that a potential subrecipient is not suspended, debarred, or otherwise excluded from receiving Federal funds. (b) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 1) Federal award identification. a) Subrecipient name (which must match the name associated with its unique entity identifier); b) Subrecipient’s unique entity identifier; c) Federal Award Identification Number (FAIN); d) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; e) Subaward Period of Performance Start and End Date; f) Subaward Budget Period Start and End Date; g) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; h) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; i) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; j) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); k) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; l) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; m) Identification of whether the award is R&D; and n) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per §200.414. (c) Evaluate each subrecipient’s fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring described in paragraphs (f) of this section. When evaluating a subrecipient’s risk, a passthrough entity should consider the following: 1) The subrecipient’s prior experience with the same or similar subawards: 2) The results of previous audits. This includes considering whether or not the subrecipient receives a Single Audit in accordance with Subpart F and the extent to which the same or similar subawards have been audited as a major program; 3) Whether the subrecipient has new personnel or new or substantially changed systems; and 4) The extent and results of Federal agency monitoring (for example, if the subrecipient also receives Federal awards directly from the Federal agency). Condition: Public Health established a formal risk assessment process over its subrecipients of federal awards by which to determine the frequency and extent of subrecipient monitoring to be performed, however the process was established after the period under audit and applied prospectively. In addition, Public Health used a Department Allocation Letter (DAL) for the COVID-19 program instead of an agreement or contract for the subaward to subrecipients. Certain required information for the subaward federal award information such as Assistance Listings number and Title and Federal Award Identification Number (FAIN) were not clearly identified in the DAL. Questioned costs: None Context: See “Condition.” Cause: Procedures to ensure that all relevant information is included in the grant agreements and risk assessments are performed were not in place at the time of the agreements which resulted in the oversight. Effect: By not properly evaluating the risk of noncompliance, Public Health may inadvertently award grant funds to subrecipients who lack the necessary mechanisms or understanding to comply with federal statutes. This increases the likelihood of noncompliance arising during the performance of the grant-funded activities. Furthermore, failure to provide the necessary documentation to subrecipients may result in misuse or misreporting of funding. Repeat Finding: This was reported in the previous year as finding 2023-009. Recommendation: Public Health should ensure every subaward includes all requirements imposed on the subrecipient so that the federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the federal award. Views of responsible officials: Management’s response is reported in “Management’s Response and Corrective Action Plan” included in a separate section at the end of this report.
Criteria or specific requirement: Title 2 – Grants and Agreements. Subtitle A – Office of Management and Budget Guidance for Grants and Agreements. Chapter II – Office of Management and Budget Guidance. Part 200 – Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D – Post Federal Award Requirements. Standards for Financial and Program Management. §200.303 Internal controls (2 CFR 200.303): The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework,” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Title 2 – Grants and Agreements. Subtitle A – Office of Management and Budget Guidance for Grants and Agreements. Chapter II – Office of Management and Budget Guidance. Part 200 – Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D – Post Federal Award Requirements. Subrecipient Monitoring and Management. §200.332 Requirements for pass-through entities (2 CFR 200.332): A pass-through entity must: (c) Evaluate each subrecipient’s fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring described in paragraph (f) of this section. When evaluating a subrecipient’s risk, a passthrough entity should consider the following: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits. This includes considering whether or not the subrecipient receives a Single Audit in accordance with subpart F and the extent to which the same or similar subawards have been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of any Federal agency monitoring (for example, if the subrecipient also receives Federal awards directly from the Federal agency). (e) Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must: (1) Review financial and performance reports. (2) Ensure that the subrecipient takes corrective action on all significant developments that negatively affect the subaward. Significant developments include Single Audit findings related to the subaward, other audit findings, site visits, and written notifications from a subrecipient of adverse conditions which will impact their ability to meet the milestones or the objectives of a subaward. When significant developments negatively impact the subaward, a subrecipient must provide the pass-through entity with information on their plan for corrective action and any assistance needed to resolve the situation. (3) Issue a management decision for audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) Resolve audit findings specifically related to the subaward. However, the pass-through entity is not responsible for resolving cross-cutting audit findings that apply to the subaward and other Federal awards or subawards. If a subrecipient has a current Single Audit report and has not been excluded from receiving Federal funding (meaning, has not been debarred or suspended), the pass-through entity may rely on the subrecipient’s cognizant agency for audit or oversight agency for audit to perform audit follow-up and make management decisions related to crosscutting audit findings in accordance with section §200.513(a)(4)(viii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. California Code of Regulations. Title 5 Education. § 18023. Compliance Reviews of Contractors. (b) At least once every three (3) years and as resources permit, the California Department of Education shall conduct reviews at the contractor's office(s) and operating facility(ies) to determine the contractor's compliance with applicable laws, regulations or contractual provisions. Child Care and Development Fund (CCDF) Plan for State/Territory California FFY 2022-24, Amendment 4. Chapter 8 Ensure Grantee Program Integrity and Accountability. 8.1 Internal Controls and Accountability Measures to Help Ensure Program Integrity. 8.1.1 Process to train about CCDF requirements and program integrity. States and territories are required to describe effective internal controls that are in place to ensure program integrity and accountability (98.68(a)), including processes to train child care providers and staff of the Lead Agency and other agencies engaged in the administration of CCDF about program requirements and integrity. v. Monitor and assess policy implementation on an ongoing basis. The Lead Agency conducts announced Categorical Program Monitoring (CPM)/Contract Monitoring Reviews (CMRs) for each contractor on a three- or four-year cycle for non-LEAs and LEAs respectively. The Lead Agency’s Governance and Administration Unit (GAU) conducts ongoing review of individual contractors by sampling the eligibility and need documentation in family files to estimate and reduce error rates. Additionally, the Lead Agency provides ongoing training and technical assistance to contractors in regional sessions, in one-on-one sessions, and/or in cluster with webinars or during face to-face presentations. These sessions address CCDF program administration, requirements, and integrity Condition: We selected 60 subrecipient contracts (21 local educational agency (LEA) contracts and 39 non-LEA contracts) from 60 subrecipient entities and tested compliance with subrecipient monitoring requirements. We noted the following: LEA • 2 LEA contracts/contractors had no record of on-site monitoring over five years. Non-LEA • 3 non-LEA contracts/contractors had no records available to demonstrate risk assessment of the contractor. • 11 non-LEA contracts/contractors had no record of on-site monitoring over five years. Questioned costs: None Context: See “Condition.” Cause: In fiscal year 2021, the administration of the CCDF Cluster program was transitioned from the California Department of Education (CDE) to CDSS. CDSS has been in the process of revising certain policies and procedures, including contractor monitoring. In addition, certain records related to CDE monitoring activities for the contracts selected were unavailable for review. Effect: CDSS is at risk for contractor noncompliance if monitoring procedures are not properly designed or executed, and/or documents demonstrating monitoring are not maintained. Repeat Finding: This was reported in the previous year as finding 2023-012. Recommendation: To enhance the effectiveness of the annual risk assessment process, we recommend a thorough evaluation that focuses on the identification and inclusion of all subrecipients and defined risk criteria as mandated in 2 CFR 200.332. Furthermore, it is crucial to establish and document a transparent basis for risk profiling that directly correlates such profiles with compliance monitoring activities across fiscal, program, and single audit requirements. Furthermore, we recommend CDSS perform a comprehensive post-transition review to ensure all monitoring responsibilities transferred from CDE have been fully identified and assigned. This review should validate robust mechanisms are in place for the accurate documentation and proper retention of records. Views of responsible officials: Management’s response is reported in “Management’s Response and Corrective Action Plan” included in a separate section at the end of this report.
Criteria or specific requirement: Per 2 CFR 200.303(a), California Department of Fish and Wildlife (CDFW) must establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information at the time of the subaward and if any of these data elements change, include the changes in the subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes identification of the (xii) Assistance Listing Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings number at time of disbursement. (xiii) Identification of whether the award is R&D. Per 2 CFR §200.332(f), pass-through entities must verify that subrecipients expected to be audited as required by Subpart F have met this requirement. This verification may be performed as part of the monitoring required under §200.332(d)(2), which includes ensuring subrecipients take timely and appropriate action on deficiencies detected through audits. Condition: Audit procedures included a review of a sample of subrecipient contracts for required information with the following results noted. For 10 of 10 samples, the contract did not include neither the Assistance Listing Number nor the identification of whether the award is R&D. Furthermore, the agency did not perform required monitoring to verify that subrecipients subject to the Single Audit requirement (2 CFR Part 200, Subpart F) completed their audits and addressed any findings. Specifically, the agency did not obtain or review subrecipient audit reports for the fiscal year under audit. Questioned costs: None. Context: See “Condition.” Cause: Current internal controls in place to ensure a review of subaward agreements is taking place to verify that all required elements are included per 2 CFR 200 §200.332 are not being done correctly. The agency lacked formal procedures and internal controls to ensure timely collection and review of subrecipient audit reports. CDFW was not performing requirements to document verification of audit completion and corrective actions. Effect: Providing incomplete information to subrecipients may result in inaccurate reporting by the subrecipients and ultimately by CDFW. Without proper monitoring, the agency cannot ensure that subrecipients comply with federal audit requirements or that corrective actions are taken on identified deficiencies. This increases the risk of noncompliance and potential misuse of federal funds. Repeat Finding: This is not a repeat finding. Recommendation: We recommend management enhance existing controls around the review of all subaward agreements to ensure that all pass-through agreements include each of the required elements by 2 CFR §200.332. We recommend that management establish and implement comprehensive procedures to ensure compliance with subrecipient monitoring requirements. These procedures should include identifying which subrecipients are subject to Single Audit requirements, obtaining and reviewing their audit reports on an annual basis, documenting verification of compliance, and ensuring timely follow-up on any corrective actions related to audit findings. Views of responsible officials: Management’s response is reported in “Management’s Response and Corrective Action Plan” included in a separate section at the end of this report.
Assistance Listing 93.136 Injury Prevention and Control Research and State/Community Based Programs Condition: The City’s Department of Public Health (DPH) did not perform risk assessments or monitor the performance of the eight subrecipients tested for this program. Specifically, DPH did not evaluate the risk of fraud and non-compliance or review the financial and performance reports for these eight entities, Funding for this program is received from the U.S. Department of Health and Human Services. Criteria: OMB’s Uniform Guidance 2 CFR Part 200.332(c) states that the pass-through entity is responsible for evaluating each subrecipient’s fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring.2 CFR Part 200.332(f)further states that depending on the pass-through entity’s assessment of the risk posed by the subrecipient, the pass-through entity may need to provide training and technical assistance on program matters, perform site visits to review program operations, or arrange for other agreed-upon procedures, to ensure compliance with program requirements and achievement of performance goals. Finally, 2 CFR Part 200.332(e) requires the pass-through entity to monitor the activities of subrecipients by reviewing the financial and performance reports of subrecipients to ensure that the entities comply with federal statutes, regulations, and the terms and conditions of their subawards. Effect: Failure to perform risk assessments and review the financial and performance reports of subrecipients resulted in noncompliance with subrecipient monitoring requirements set forth in the Uniform Guidance. Without these reviews, DPH may not adequately determine the appropriate level of monitoring needed to ensure that subrecipients comply with program requirements, federal regulations, and other requirements of their subawards. This noncompliance could also lead to the city having to pay back federal awards. Cause: DPH incurred significant staff turnover. Recommendation: DPH should strengthen its policies and procedures to ensure that risk assessments and required monitoring procedures are performed for all subrecipients. Additionally, for subrecipients determined to be high-risk, DPH should provide training and technical assistance, perform site visits, and/or apply other agreed-upon procedures to help ensure that subrecipients are properly accountable for subawards and comply with program requirements. Views of the Responsible Officials and Corrective Action Plan: The Philadelphia Department of Public Health (PDPH) acknowledges the findings of the Office of the City Controllers. PDPH confirms that risk assessments and related monitoring documentation for all subrecipients were not consistently completed or retained during the audit period, primarily due to staff turnover and limited administrative capacity within the grants management function. To address this, the Division of Substance Use Prevention and Harm Reduction (SUPHR) has initiated corrective measures to strengthen compliance with the requirements of 2 CFR 200.332. These measures include implementation of standardized tools and procedures to ensure that subrecipient risk assessments, monitoring activities, and the review of financial and performance reports are conducted in a consistent, timely, and well-documented manner. Implementation of these improvements will enhance internal controls, ensure appropriate oversight of subrecipients, and promote full compliance with federal regulations. The Department anticipates that tools and standard operating procedures will be finalized by December 19, 2025, with full implementation of corrective actions by March 3, 2026. Contact Person: Daniel Teixeira da Silva, Director, Division of Substance Use Prevention and Harm Reduction (SUPHR), 267-760-0307
Assistance Listing 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases Program Condition: The city’s Department of Public Health (DPH) did not perform risk assessments or monitor the performance of three subrecipient entities tested for this program. Specifically, DPH did not evaluate the risk of fraud and non-compliance or review the financial and performance reports for these three entities. Funding for this program is received from the U.S. Department of Health and Human Services. Criteria: OMB’s Uniform Guidance 2 CFR Part 200.331(a) states that a subaward recipient may be considered a subrecipient of the pass-through agency if the recipient 1) determines who is eligible to receive federal assistance, 2) has its performance measured in relation to whether the objectives of a federal program were met, and 3) has responsibility for programmatic decision-making. OMB’s Uniform Guidance 2 CFR Part 200.332(c) states that the pass-through entity is responsible for evaluating each subrecipient’s fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring. 2 CFR Part 200.332(f) further states that depending on the pass-through entity’s assessment of the risk posed by the subrecipient, the pass-through entity may need to provide training and technical assistance on program matters, perform site visits to review program operations, or arrange for other agreed-upon procedures, to ensure compliance with program requirements and achievement of performance goals. Finally, 2 CFR Part 200.332(e) requires the pass-through entity to monitor the activities of subrecipients by reviewing the financial and performance reports of subrecipients to ensure that the entities comply with federal statutes, regulations, and the terms and conditions of their subawards. Effect: Failure to perform risk assessments and review financial and performance reports for subrecipients resulted in noncompliance with subrecipient monitoring requirements set forth in the Uniform Guidance. Without these reviews, DPH may not adequately determine the appropriate level of monitoring needed to ensure that subrecipients comply with program requirements, federal regulations, and other requirements of their subawards. This noncompliance could also lead to the city having to pay back federal awards. Cause: DPH management misclassified these three entities as contractors, rather than subrecipients. For purposes of the Epidemiology and Laboratory Capacity Program, contracts between DPH and the three entities in question specifically state that each of the entities would serve as subrecipients for grant funding awarded through the contracts. Subawards were used to hire additional staff for DPH’s COVID-19 Containment Program, for duties that included determining who is eligible to receive federal assistance, achieving the objectives established by the program, making programmatic decisions, and adhering to all applicable federal program compliance requirements. Recommendation: DPH management should reevaluate the criteria used to determine whether subaward recipients are classified as subrecipients or contractors. Additionally, management should ensure that risk assessments and required monitoring procedures are performed for all entities classified as subrecipients. Views of the Responsible Officials and Corrective Action Plan: The Philadelphia Department of Public Health (PDPH) acknowledges the Office of the City Controller’s finding. PDPH maintains a process to identify subrecipients during the contracting process. Contracts with subrecipients include federal compliance language. The three entities identified in this finding, including Concilio, Urban Affairs Coalition (UAC), and Public Health Management Corporation (PHMC), should have been classified as vendors and not subrecipients. These entities were not responsible for programmatic decision-making. This error has been corrected in subsequent contracts. Despite the misclassification, appropriate vendor monitoring was conducted, including supervision of staff hiring and monitoring and reconciliation of monthly invoice packages. Contact Person: Jessica Caum, Director, Department of Public Health, 215-685-6731 Naomi Mirowitz, Performance and Compliance Officer, Department of Public Health, 215-964-5050
Assistance Listing 93.914 HIV Emergency Relief Project Grants Condition: The Office of Health and Human Services' (HHS) Audit Unit failed to issue a management decision for audit findings related to two subrecipients of the city, who each had audit findings reported in their respective single audits. The fiscal year 2023 single audit of Bebashi and the fiscal year 2024 single audit of The Children's Hospital of Pennsylvania had a significant deficiency reported under the HIV Emergency Relief Program (ALN 93.914) in the Internal Controls over Major Programs section of the Schedule of Findings and Questioned Costs. Funding for HIV Emergency Relief program is received directly from the U.S. Department of Health and Human Services. Criteria: 2 CFR section 200.332(e) states that the pass-through entity must issue a management decision for audit findings pertaining only to the federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Effect: The management decision serves to confirm the audit findings and outline a corrective action plan for the subrecipient. Failure to issue a management decision could lead to unresolved findings at the subrecipient level. Cause: HHS incorrectly relies on the auditing firms that perform subrecipient single audits to issue a management decision per 2 CFR section 200.312(e). Recommendation: We recommend that HHS management modifies and/or strengthens its current policies and procedures to ensure that a management decision letter will be issued for audit findings relating to any federal awards that were provided to subrecipients. Views of the Responsible Officials and Corrective Action Plan: HHS acknowledges the Controller’s finding that management decision letters were not issued for specific subrecipient audit findings under ALN 93.914, as required under 2 CFR 200.332(e) and 200.521. While the formal letters were not issued, HHS did review the audit findings, obtained and evaluated the subrecipients’ corrective action plans and confirmed that no questioned costs or additional risks remained. These steps ensured that the underlying corrective actions were completed. To strengthen documentation and ensure consistency across all federal programs, HHS will adopt the following corrective measures: 1. Standard management Decision Template • HHS will adopt a simple, uniform management decision template and clear steps for documenting decisions within the required federal timelines. 2. Central Location for Documentation • HHS will store all management decision letters and related materials in one designated shared location to ensure accessibility and consistent record-keeping. 3. Brief Staff Guidance • HHS will provide concise written guidance to staff outlining: o When a management decision is required, o How to complete it using the template, and o What documentation must be retained? These corrective actions will ensure consistent compliance with federal requirements while supporting the City’s long-term goal of standardizing financial processes across departments. Contact Person: Landuleni Shipanga, Controller, City of Philadelphia Office of Children and Families, 215-683-6366
Finding: 2024-002 Subrecipient Monitoring (Significant Deficiency) Information on the Federal Programs: ALN #10.937 Partnerships for Climate-Smart Commodities Criteria or Specific Requirement (including Statutory, Regulatory, or Other Citation): Per 2 CFR 200.332 Requirements for pass-through entities: Pass-through entities must clearly identify to subrecipients the award information, including the Assistance Listing number, subrecipient’s UEI, Federal award identification number, and Federal award project title (§200.332(a)(1)). Pass-through entities must evaluate each subrecipient’s risk of noncompliance to determine the appropriate subrecipient monitoring (§200.332(b)). Pass-through entities must monitor the activities of subrecipients as necessary to ensure compliance with Federal statutes, regulations, and the terms and conditions of the subaward (§200.332(d)). Pass-through entities must verify that every subrecipient required to have an audit under 2 CFR 200 Subpart F has one completed, and issue management decisions on findings (§200.332(g)). Condition: During our testing of subrecipient monitoring, we noted several deficiencies: 1. Subaward agreements were structured more like subcontracts rather than subrecipient agreements and did not include all elements required under 2 CFR 200.332(a), such as the subrecipient’s UEI and Assistance Listing number. 2. Subrecipients were required to submit periodic invoices for reimbursement instead of financial reports detailing costs incurred by budget line item, cumulative expenditures, cash receipts, and cash balances. 3. CIF did not verify the subrecipient’s audit requirements in a timely manner as required under 2 CFR 200.332(g). 4. Pre-award risk assessments were completed; however, the assessments were undated, preventing the audit team from verifying that they occurred prior to subaward execution. Additionally, the monitoring procedures described in policy were not clearly linked to assessed risk levels, and in certain instances, subrecipients with no prior Federal grant management experience were assigned a “low risk” classification. Cause: These conditions occurred due to a lack of formalized procedures to align subrecipient agreements, reporting requirements, and monitoring activities with the specific requirements of 2 CFR 200.332. Management relied on existing subcontract templates and internal policies that were not fully updated to reflect Uniform Guidance requirements. Effect or Potential Effect: Failure to properly structure subaward agreements, obtain adequate financial reporting, and timely verify audit requirements, increases the risk that subrecipients may not comply with Federal statutes and regulations. Questioned Costs: N/A Context: We tested a statistically valid sample of subawards charged to Federal awards. The deficiencies noted were consistent across the sample population, indicating a systemic issue rather than isolated exceptions. Identification as a Repeat Finding, if Applicable: N/ARecommendation: We recommend that management: Update subaward agreement templates to include all elements required under 2 CFR 200.332(a). Require subrecipients to submit periodic financial reports by budget line item, cumulative expenditures, cash receipts, and cash balances, rather than invoices alone. Establish procedures to ensure subrecipient audit requirements are verified and documented in a timely manner in accordance with 2 CFR 200.332(g). CIF should document the impact of any subrecipient audit findings on the program and the planned corrective action. Revise pre-award risk assessment procedures to include dating and ensure that results are documented prior to subaward execution. Strengthen policies to ensure monitoring procedures are explicitly linked to risk assessment results, with higher levels of oversight required for subrecipients new to Federal grant management.
Criteria: 2 CFR 200.303 Internal Controls (a) Establish, document, and maintain effective internal control over the Federal award that provides reasonable assurance that the recipient or subrecipient is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should align with the guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control- Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.329 Monitoring and reporting program performance (a) Monitoring by the recipient and subrecipient. The recipient and subrecipient are responsible for the oversight of the Federal award. The recipient and subrecipient must monitor their activities under Federal awards to ensure they are compliant with all requirements and meeting performance expectations. Monitoring by the recipient and subrecipient must cover each program, function, or activity. See also § 200.332. Condition: • Supporting documentation was not available for 4 out of 8 monitoring reports selected for testing. • None of the monitoring reports selected were approved by a second individual as required by the WIB’s policy. Cause: • Documentation was not retained as required. • Internal controls are not in place over eligibility and monitoring as required by the WIB’s policy. Effect: • Funding may be provided to individuals or entities who are not eligible to receive funding under the federal award programs. • Possible reduction of future funding due to noncompliance with federal award program requirements. Questioned Costs: N/A Repeat Finding: No Recommendation: We recommend that the WIB implement controls and document procedures over eligibility monitoring to ensure compliance with federal award requirements.
Condition: During our test of (2) expenditures totaling $332,735, for the Coronavirus State and Local Fiscal Recovery Funds, it was noted the County did not have a subrecipient monitoring policy and did not obtain subrecipient agreements from its two (2) subrecipients comparing the following information: • Subrecipient name. • Subrecipient Authorized Representative and program contact information. • Subrecipient Employee Identification Number (EIN) and Data Universal Numbering System (DUNS) number. • Federal Award Identification Number (FAIN). • Name of Federal Awarding Agency. • Contact information for the official at the Federal Awarding Agency. • Catalog of Assistance Listing (AL) number and name. • Federal award date. • Total amount of the federal award and indirect cost rate. • Federal award project description. • Start and end date of the agreement. • Amount of federal funds budgeted for the agreement and indirect cost rate allowed. • A statement that all activities must be in accordance with federal statutes, regulations, and terms and conditions of the federal award. The subrecipient should receive a copy of the award documents. • A detailed description of any additional requirements you want the subrecipient to be responsible for such as performance and/or financial reports, attending meetings and/or trainings, etc. • A statement about the monitoring activities, such as where/when they will take place; also include a statement indicating the subrecipient will collaborate on monitoring activities including providing requested financial documents. • A statement indicating if any of the items in the agreement change during the period of performance, the agreement will be amended. • Provide close out terms and conditions. Cause of Condition: Policies and procedures have not been designed and implemented to ensure federal expenditures are made in accordance with compliance requirements. Effect of Condition: This condition resulted in noncompliance with grant requirements. Recommendation: OSAI recommends the County gain an understanding of the requirements for this program and implement internal controls to ensure compliance with these requirements. Management Response: Chairman of the Board of County Commissioners: This issue originated under the prior County Clerk’s administration where key reporting processes were not followed. The Board of County Commissioners and the other elected officials have made correcting this a top priority. Together, we are: • developing a comprehensive SOP to ensure accurate and timely tracking and reporting of Federal funds, • improving communication and oversight between all county offices to ensure consistent reporting standards, • and ensuring annual compliance with federal reporting requirements. Our collective goal is to implement the policies and structures that will keep Osage County operating with the highest standard of accountability and excellence County Clerk: I was not the County Clerk in office at this time. To correct this issue, the County plans to develop a SOP to timely and accurately track and report on Grants and Awards. The SOP will be reviewed, adopted, and monitored by the Board of County Commissioners. Criteria: 2 CFR 200, §200.332 Requirements for Pass-Through Entities states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award. (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part. (6) Appropriate terms and conditions concerning closeout of the subaward.
2024-007 Federal Agencies: U.S. Department of Agriculture Federal Program Names: The Child Nutrition Cluster: National School Lunch Program Summer Food Service Program Child and Adult Care Food Program Assistance Listing Numbers: 10.555 10.559 10.558 Pass-Through Agency: Commonwealth of Pennsylvania, Department of Education Pass-Through Number: 359-46-477-8 Award Period: July 1, 2023 through June 30, 2024 Type of Finding: • Material Weakness in Internal Control over Compliance Criteria: Under 2 CFR 200.332(d), pass-through entities must monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes and in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. Additionally, Child and Adult Care Program (CACFP), National School Lunch Program (NSLP) and Summer Food Service Program (SFSP) monitoring requirements established by the Pennsylvania Department of Education (PDE) require CBS Food Program to conduct meal observation reviews at each contracted center every six months, including at least two unannounced visits, and maintain documentation of such reviews. Condition: During our testing of subrecipient monitoring activities for PDE programs CACFP, NLSP, and SFSP, we selected 31 contracted centers at random. Management provided documentation for each site, including contracts, meal pattern usage records, licensure and training documentation, and both announced and unannounced meal observation reviews. However, we found that CBS Food Program did not always maintain sufficient evidence to prove required monitoring was performed under the CACFP program. For one center, management could not produce proof that meal observation reviews or the mandated two unannounced visits occurred. At another center, neither a contract nor any meal observation review records, including the two required unannounced visits, could be provided. For the NLSP and SFSP, management was unable to provide contracts for any of the seven sampled centers. Additionally, there was no evidence of training for one center, and a second center had a noncompliant monitoring visit; although corrective action was prepared, follow-up occurred only after 66 days instead of within the required 45-day window. Questioned Costs: None Cause: Management did not maintain sufficient internal controls to ensure required monitoring documentation was consistently obtained, retained, and reviewed for each contracted center. In some cases, monitoring activities may not have been performed, or they were completed but not properly documented. Effect: Failure to perform and/or document required monitoring procedures increases the risk that contracted centers may not comply with PDE CACFP, NLSP and SFSP requirements, potentially resulting in: • Noncompliance with federal monitoring requirements • Inaccurate or unsupported program reimbursements • Risk of disallowed costs or questioned costs under the PDE CACFP, NLSP, and SFSP grants • Inability to demonstrate program oversight during audits Recommendation: We recommend that management strengthen internal controls to ensure all required PDE CACFP, NLSP and SFSP subrecipient monitoring activities, including scheduled meal observations and the mandated unannounced visits—are consistently performed, documented, and retained. Management should implement a centralized tracking system to monitor review deadlines, required follow up actions, and receipt of supporting documentation from each contracted center. In addition, staff responsible for monitoring should receive periodic refresher training on PDE CACFP, NLSP and SFSP specific expectations. Finally, management should conduct periodic internal reviews to verify that monitoring documentation is complete, compliant, and appropriately maintained. Views of Responsible Officers and Corrective Action Plan: Please refer to Community Benefit Solutions dba CBS Food Program’s Corrective Action Plan.
Reference Number: 2024-016 Prior Year Finding: 2023-011 Federal Agency: U.S Department of the Treasury U.S. Department of Education State Agency: Department of Education Federal Program: COVID-19 - Coronavirus State and Local Fiscal Recovery Funds (CSLFRF) COVID-19 – Education Stabilization Fund (ESF) Assistance Listing Number: 21.027 84.425 C, D, R, U, V, W Award Number and Year: CSLFRF: 2021 ESF: S425C210002, 2021-2023 S425D210005, 2021-2023 S425R210006, 2021-2023 S425U210005, 2021-2024 S425V210006, 2022-2024 S425W210021, 2021-2024 Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: Per 2 CFR 200 section 200.332 (a)1 (ii) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes required federal award information at the time of the subaward. If any of the data elements change, include the changes in subsequent subaward modifications. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Subrecipient's unique entity identifier. Per 2 CFR 200 section 200.332 (a)1(d) a non-Federal entity should monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Internal Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Education (Department) was unable to provide documentation that it had subrecipient monitoring procedures in place, nor that monitoring activities were performed. The Department also did not include all required information in subawards it issued to subrecipients. The Department’s 2023 corrective action plan noted that resolution of the finding would not be until FY 2025. The auditor obtained the Department’s project monitoring plan and monitoring survey implemented during fiscal year 2025. Context: ESF: Twenty-nine subrecipients were selected for testing and the following exceptions were noted: • For 29 of 29 subrecipients selected for testing, the Department was unable to provide documentation that subrecipient monitoring procedures were in place nor that subrecipient monitoring was performed. • For 2 of 29 subrecipients selected for testing, the subrecipient’s unique identifier was not obtained. The subaward did not contain the required information nor did the Department provide documentation of obtaining the information for the subrecipient. CSLFRF: For seven of seven subrecipients selected for testing, the Department was unable to provide documentation that subrecipient monitoring procedures were in place nor that subrecipient monitoring was performed. Cause: The subawards for non-public schools did not contain the required information, which was not identified during the review process. The Department’s 2023 corrective action plan noted that resolution of the finding would not be until FY 2025. The auditor obtained the Department’s project monitoring plan and monitoring survey implemented during fiscal year 2025. Effect: The Department is not in compliance with the grantor’s reporting requirements during the audit period. Questioned costs: None noted. Recommendation: We recommend that the Department continue to implement the sub recipient monitoring procedures and develop internal controls to ensure that the monitoring requirements are performed in a consistent and timely manner. Furthermore, the procedures should ensure that the documentation supporting compliance is maintained and readily available for review. We also recommend that the subawards contain all required federal award information. Views of responsible officials: Management agrees with the finding.
Finding 2023-001: Subrecipient Monitoring Identification of federal program: Program Title: Community Economic Adjustment Assistance for Compatible Use and Joint Land Use Studies Assistance Listing Number: 12.610 Award Identification: W9124J2120002 Federal Agency: U.S. Department of Defense, Office of Local Defense Community Cooperation Criteria or Specific Requirement: Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. All pass-through entities are required to have subrecipient monitoring policies and procedures in place, which conform to the requirements of Title 2 CFR § 200.332 to identify subawards, evaluate risk of noncompliance, and perform monitoring procedures based upon identified risks. Condition: In testing compliance over subrecipient monitoring, we noted the Fund does not have a subrecipient monitoring policy in place that fully conforms with requirements of Title 2 CFR § 200.332. Cause: Historically the Fund has had few subawards and therefore has not developed full written subrecipient monitoring policies and procedures. Effect: The Fund should implement policies and procedures for monitoring subrecipients in accordance with Title 2 CFR § 200.332. Questioned Costs: None Context: While management’s existing process includes certain elements of subrecipient monitoring, a formal adopted policy is not in place that that fully conforms with requirements of Title 2 CFR § 200.332. Repeat finding: No Recommendation: Implement policies and procedures for monitoring subrecipients, including adequate documentation that conforms to the requirements of Title 2 CFR § 200.332. Views of responsible individuals: Management concurs with and will implement the recommendation. See corrective action plan.
Finding 2023-001 – Reporting Identification of federal program: Assistance Listing No. 93.558 – Temporary Assistance for Needy Families. Criteria or specific requirement: Section 200.332 of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) provides the requirements for pass-through entities. A pass-through entity (PTE) must clearly identify to the subrecipient the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(2); all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). Condition: The Organization was not able to provide executed agreements with its subrecipients covering the period under audit that meet the requirements of Section 200.332 of the Uniform Guidance. Cause: Management indicated that the existing subaward agreements, which do not cover the year ended December 31, 2023, were not updated due to an oversight attributed to personnel vacancies. Effect or potential effect: Noncompliance with Section 200.332 of the Uniform Guidance could result in misunderstanding in program compliance requirements. Questioned cost: not applicable. Context: The Organization was not able to provide executed agreements that cover the audit period for the two subawards made under this program. Recommendation: We recommend that the Organization update and execute agreements with its subrecipients that contains all the required elements of Section 200.332 of the Uniform Guidance. Views of responsible officials: The Organization concurs with this finding. See page 40 for corrective action plan.
Finding 2023-001 – Reporting Identification of federal program: Assistance Listing No. 93.558 – Temporary Assistance for Needy Families. Criteria or specific requirement: Section 200.332 of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) provides the requirements for pass-through entities. A pass-through entity (PTE) must clearly identify to the subrecipient the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(2); all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). Condition: The Organization was not able to provide executed agreements with its subrecipients covering the period under audit that meet the requirements of Section 200.332 of the Uniform Guidance. Cause: Management indicated that the existing subaward agreements, which do not cover the year ended December 31, 2023, were not updated due to an oversight attributed to personnel vacancies. Effect or potential effect: Noncompliance with Section 200.332 of the Uniform Guidance could result in misunderstanding in program compliance requirements. Questioned cost: not applicable. Context: The Organization was not able to provide executed agreements that cover the audit period for the two subawards made under this program. Recommendation: We recommend that the Organization update and execute agreements with its subrecipients that contains all the required elements of Section 200.332 of the Uniform Guidance. Views of responsible officials: The Organization concurs with this finding. See page 40 for corrective action plan.