Federal Agency: Department of Homeland Security - Federal Emergency Management Agency (FEMA) Federal Program: 97.036 Disaster Grants - Public Assistance (Presidentially Declared Disasters) 2017 - FEMA-4317-DR-MO 2019 - FEMA-4435-DR-MO and FEMA-4551-DR-MO 2020 - FEMA-4490-DR-MO and FEMA-4452-DR-MO 2021 - FEMA-4612-DR-MO and FEMA-4636-DR-MO 2022 - FEMA-4665-DR-MO 2023 - FEMA-4741-DR-MO 2024 - FEMA-4803-DR-MO State Agency: Department of Public Safety - State Emergency Management Agency (SEMA) Type of Finding: Internal Control (Material Weakness) and Material Noncompliance Compliance Requirement: Subrecipient Monitoring During state fiscal year 2024, the SEMA did not perform subrecipient monitoring reviews or review subrecipient single audit reports for the Disaster Grants - Public Assistance (Presidentially Declared Disasters) (DGPA) as required. The SEMA disbursed approximately $180 million to 320 DGPA program subrecipients during the year ended June 30, 2024. Regulation 2 CFR Section 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Regulation 2 CFR section 200.332(d) requires pass-through entities to monitor the activities of the subrecipient as necessary to ensure the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. Pass-through entities are required to follow up and ensure the subrecipient takes timely and appropriate action on all deficiencies detected through audits, on-site reviews, and other means. Regulation 2 CFR Section 200.332(f) requires pass-through entities to verify that every subrecipient has a single audit when it is expected that the subrecipient spent $750,000 or more during the subrecipient's fiscal year. The SEMA's tiered monitoring process, outlined in the SEMA's Risk Assessment Form and Recovery Division Monitoring Policy, requires risk assessments be performed 24 months after the disaster declaration for each subrecipient. Risk assessments are to evaluate various risk indicators and categorize each subrecipient as high, medium, or low risk. The risk category determines the required type and nature of monitoring required for the subrecipient. The policy requires on-site monitoring reviews for all high-risk subrecipients and desk reviews of 20 percent of medium-risk subrecipients. No additional action is required for low-risk subrecipients. The monitoring policy requires the SEMA to generate reports listing any deficiencies noted during on-site and desk monitoring reviews. The Monitoring Report will, if applicable, reflect any notice given to the subrecipient about delinquent reports, failure to submit proper documentation, and any issues noted during the review. The monitoring report also identifies the SEMA's and subrecipient's actions and plans to resolve the issue(s), by documenting a brief written plan and timeline for the resolution of the issues identified. When all issues have been resolved, the policy requires a follow-up letter and updated review report to be provided to the subrecipient. The monitoring policy further requires the SEMA during both the desk and on-site monitoring to review the subrecipient's financial and compliance audit reports. The SEMA's single audit compliance policy requires the SEMA to verify every subrecipient had a single audit when required. Once the single audit is reviewed and additional documentation is obtained, the SEMA will issue a Management Decision Letter. Monitoring reviews During state fiscal year 2024, the SEMA's Monitoring Specialist performed risk assessments for all 890 subrecipients of open projects; however, the SEMA did not perform the 190 monitoring reviews of these subrecipients as required by the monitoring policy. The following table shows the results of the risk assessments performed for that fiscal year, and the supervisory monitoring reviews required by federal regulation and SEMA policy. When subrecipient monitoring reviews are not performed as required by federal regulation and SEMA policy, there is increased risk that noncompliance with program requirements will go undetected. Subrecipient audits During state fiscal year 2024, the SEMA did not conduct the required review of single audit reports for applicable DGPA program subrecipients as required by SEMA policies and federal regulations. During September 2023, the SEMA sent letters to all subrecipients asking if they were required to have a single audit; but performed no further procedures such as ensuring subrecipients obtained the audits or reviewing and following up on audit reports. Each subrecipient that spent in excess of $750,000 in federal awards during its fiscal year must obtain a single audit in accordance with federal regulations within 9 months after the end of the fiscal year. In addition to noncompliance with subrecipient monitoring requirements, the failure to ensure subrecipients received required audits and to review and follow up on the related audit reports, increases the risk that subrecipient noncompliance will not be identified and addressed. Conclusions SEMA personnel indicated the monitoring reviews and single audit reviews were not performed due to turnover and shortages in staff. Adherence to policies and procedures is necessary to ensure compliance with subrecipient monitoring requirements. Regulation 2 CFR Section 200.303(a) requires the non-federal entity to "[e]stablish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-federal entity is managing the Federal award in compliance with Federal regulations, SEMA policies and the terms and conditions of the Federal award." Recommendation The SEMA strengthen controls and procedures to ensure subrecipients of the DGPG are monitored in accordance with the monitoring policies and ensure policies are followed to ensure compliance with the monitoring requirements. Auditee's Response We agree with the auditor's finding. Our Corrective Action Plan includes our planned actions to address the finding.
2024-004: Subrecipient Determination and Monitoring Assistance Listing Number (ALN) and Title: 20.205 Highway Planning and Construction Federal Grantor: U.S. Department of Transportation (DOT) Passed-through: Oregon Department of Transportation (ODOT) Award Identification Numbers and Years: Finding is applicable to all 20.205 awards on the SEFA for 2024 Compliance Requirement: Subrecipient Monitoring Type of Finding: Noncompliance and Material Weakness in Internal Control over Compliance. Prior Year Audit Finding: No Criteria: 2 CFR 200.331 requires pass-through entities (PTEs) like LCOG to make case-by-case determinations whether an agreement casts the party receiving funds as a subrecipient or a contractor (vendor). This determination affects reporting on the SEFA (§200.510(b)(4)). Furthermore, 2 CFR 200.332 requires PTEs to evaluate each subrecipient's risk of noncompliance, monitor their activities to ensure compliance with federal requirements (including reviewing financial and performance reports), and verify that subrecipients subject to the Single Audit requirements have obtained the required audit and take appropriate action on any findings effecting the pass-through program (§200.332(b), (d), and (f)). Effective internal controls should ensure proper classification and that required monitoring activities are performed and documented. Condition: LCOG exhibited weaknesses in its process for determining and monitoring subrecipients under ALN 20.205. Specifically: LCOG did not correctly classify entities receiving funds. Multiple vendors were incorrectly identified as subrecipients on the draft SEFA provided for audit. Two entities meeting the definition of subrecipients were identified during audit procedures; however, LCOG had classified them as vendors and omitted them from the draft SEFA. As a result of misclassifying the actual subrecipients as vendors, LCOG did not perform required subrecipient monitoring activities for these entities, such as conducting and documenting a risk assessment or obtaining and reviewing their Single Audit reporting packages. Questioned Costs: None. Context: The misclassifications were identified during audit testing and review of the draft SEFA. While the entities omitted from the SEFA were later confirmed to be subrecipients, LCOG had not performed the required monitoring steps during the fiscal year. Subsequent review of the Single Audit reports for these two subrecipients during the audit process confirmed they had correctly reported the funds received from LCOG and disclosed no audit findings related to this program. No errors were noted in the initial contracting process with these entities. However, the lack of contemporaneous monitoring represents noncompliance and a control weakness. Cause: LCOG lacks adequate procedures for performing and documenting the subrecipient vs. contractor determination based on the criteria in 2 CFR 200.331. This initial failure led to inaccurate SEFA reporting and the subsequent failure to implement required monitoring protocols for entities that were, in fact, subrecipients. Effect: The failure to correctly identify and monitor subrecipients constitutes noncompliance with 2 CFR 200.332 and resulted in inaccurate SEFA reporting. Although no subrecipient noncompliance impacting the program was ultimately identified in this instance, the absence of required monitoring activities (including risk assessment and review of audit reports) creates a risk that subrecipient noncompliance could occur and not be detected by LCOG in a timely manner. This condition represents a material weakness in internal control over compliance. Recommendation: We recommend LCOG implement procedures to: 99 Formally document the determination of whether entities receiving federal funds are subrecipients or contractors prior to entering into agreements and preparing the SEFA, using the criteria in 2 CFR 200.331. Develop and implement a risk-based monitoring plan for all identified subrecipients, ensuring that required monitoring activities (including review of reports and Single Audits, where applicable) are performed and documented throughout the period of performance. Ensure the SEFA accurately reflects subrecipient relationships and amounts passed through. Auditee Views: While we agree that we did not have a formal monitoring plan in place, now that we are aware of the need for such a plan, we will put a plan in place immediately. Once we became aware, we immediately reviewed the single audit reports all subrecipients. As to whether all subrecipients were properly reported on the SEFA, LCOG and ODOT had been in discussions for several months over whether certain entities contracted by LCOG under the Secure Routes to Schools program were, in fact, subrecipients and was unclear due to conflicting guidance received from various individuals. We will begin consulting with ODOT prior to the audit to make sure they agree with the classification of fund recipients as either contractor or subrecipient.
2024-011 U.S. Department of Housing and Urban Development, For the period July 1, 2023, through June 30, 2024, ALN # 14.239– HOME Investment Partnerships Program Criteria: Per 2 CFR §200.331(b), pass-through entities must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Furthermore, 2 CFR §200.332(d) requires pass-through entities to follow up on any audit findings identified in subrecipients’ Single Audit reports that pertain to the federal award. Condition: The City did not perform a documented risk assessment of subrecipients under the HOME program to determine the appropriate level and type of monitoring. Additionally, the City did not obtain or review subrecipients’ Single Audit reports to identify and follow up on any findings related to the HOME program. Two of the four contracts with expenditures in fiscal year 2024 were tested. Cause: The City has not established formal procedures to assess subrecipient risk or to review and follow up on audit findings related to the HOME program. Effect: Without a documented risk assessment and review of subrecipient audit reports: • The City may not tailor its monitoring procedures appropriately, increasing the risk of undetected noncompliance. • Potential issues identified in subrecipient audits may go unaddressed, jeopardizing the integrity of the program and federal funding. Recommendation: The City should implement formal procedures to conduct and document risk assessments for all subrecipients of the HOME program, obtain and review subrecipient Single Audit reports annually, follow up on any findings related to the HOME program to ensure corrective actions are taken. Questioned Costs: none
FINDING REFERENCE NUMBER 2024-012 FEDERAL PROGRAM (ALN 84.287) TWENTY-FIRST CENTURY COMMUNITY LEARNING CENTERS U.S. DEPARTMENT OF EDUCATION AWARD NUMBERS S287C190039C (07/01/2019 – 09/30/2020); S287C200039C (07/01/2020 – 09/30/2021); S287C220039C (07/01/2022 – 09/30/2023) COMPLIANCE REQUIREMENT SUBRECIPIENT MONITORING TYPE OF FINDING MATERIAL NONCOMPLIANCE AND MATERIAL WEAKNESS CRITERIA In accordance with 2 CFR § 200.332(f), pass-through entities are required to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes and in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. This includes reviewing subrecipient Single Audit reports to determine whether any audit findings related to the subaward exist and whether appropriate corrective actions are being taken. STATEMENT OF CONDITION As part of our audit procedures, we obtained the list of subrecipients active during the fiscal year 2023-2024, monitoring visit schedules and disbursements made. We selected a sample of three (3) subrecipients to test compliance with internal control policies and compliance with the subrecipient monitoring requirement. We noted the following deficiencies during our tests: 1. For three (3) subrecipients, we did not find any evidence of the receipt of the Single Audit Report or the required financial statements and special Agreed-Upon Procedure Report. 2. For three (3) subrecipients, we were unable to review the performance reports submitted by the subrecipients during the fiscal year because no documentation was provided for our evaluation. 3. The monitoring plan for the fiscal year 2023-2024 was not provided for our evaluation. QUESTIONED COSTS None PERSPECTIVE INFORMATION The PRDE does not maintain an internal control process that provides reasonable assurance of complying with the requirement of receipt, evaluation and issuance of management decisions as required by Federal regulations and the required corrections of any findings and disposition of questioned costs within the required timeframes of the Federal regulations from audit or monitoring process. STATEMENT OF CAUSE The PRDE did not have formal procedures in place to ensure timely collection and review of subrecipients’ Single Audit Report. Responsibilities for this function were not clearly assigned, and monitoring activities were inconsistently documented. POSSIBLE ASSERTED EFFECT Failure to review subrecipient Single Audit Reports increases the risk that audit findings or noncompliance at the subrecipient level may go undetected and unaddressed. This may lead to improper use of Federal funds and noncompliance with Federal requirements. IDENTIFICATION AS A REPEAT FINDING Not previously reported. RECOMMENDATION We recommend that the PRDE establish and implement formal procedures to: Identify all subrecipients subject to Single Audit requirements, obtain and review their audit reports in a timely manner, follow up on relevant audit findings, and maintain documentation of all monitoring activities performed. VIEWS OF RESPONSIBLE OFFICIALS The PRDE acknowledges the auditor’s finding. It Is important to note that information requested is available and exists just that it was not provided in a timely manner for evaluation. The PRDE and the area accepts the recommendations and will work on corrective action plans that help mitigate the delay in providing information per auditors’ requests. IMPLEMENTATION DATE None RESPONSIBLE PERSON Luis M. Oppenheimer Rosario Program Coordinator María de los Ángeles Lizardi Valdés Office of Federal Affairs Director
CRITERIA/SPECIFIC REQUIREMENT: The Code of Federal Regulations (Code) (2 CFR § 200.332 (e)) requires the Regional Office of Education No. 39 to monitor the activities of the subrecipient to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. The Code (2 CFR §200.303 (a)) requires the Regional Office of Education No. 39 to establish and maintain effective internal control over the federal award to provide reasonable assurance the Regional Office of Education No. 39 is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Effective internal controls should include procedures over subrecipient monitoring. CONDITION: The Regional Office of Education No. 39 did not have adequate controls over subrecipient monitoring in compliance with the Code. CONTEXT: During our testing of four subrecipients, we noted the Regional Office of Education No. 39 did not adequately monitor its subrecipients’ grant reporting requirements: • 43 of 48 (90%) monthly expenditure reports were not received. • 4 of 48 (8%) monthly expenditure reports were received five to 183 days late. • 4 of 4 (100%) annual performance reports were received 51 to 114 days late. EFFECT: Lack of controls over subrecipient monitoring may result in subrecipients not properly administering the federal programs in accordance with federal regulations. CAUSE: Management indicated this was due to oversight and staffing limitation. RECOMMENDATION: We recommend the Regional Office of Education No. 39 establish and implement procedures over subrecipient monitoring. MANAGEMENT’S RESPONSE: The Regional Office of Education No. 39 agrees with the audit findings and although some subrecipient monitoring was conducted, not all of the required reports were received, or they were not received in a timely manner. The Regional Office of Education No. 39 is implementing policies and procedures to ensure subrecipient monitoring is not only received but received in a timely manner as well.
Finding 2024-012 – Noncompliance with Subrecipient Monitoring Over Federal Grant – Coronavirus State and Local Fiscal Recovery Funds (Repeat Finding – 2023-012) PASS-THROUGH GRANTOR: Direct Grant FEDERAL AGENCY: U.S. Department of Treasury ASSISTANE LISTING: 21.027 FEDERAL PROGRAM NAME: Coronavirus State and Local Fiscal Recovery Funds FEDERAL AWARD YEAR: 2021 CONTROL CATEGORY: Subrecipient Monitoring QUESTIONED COSTS: $-0- Condition: The County does not have a subrecipient monitoring policy, and not all subrecipient agreements include the following information: • Subrecipient Authorized Representative and program contact information • Subrecipient Employee Identification Number (EIN) and DUNS number • Federal Award Identification Number (FAIN) • Name of Federal Awarding Agency • Contact information for the official at the Federal Awarding Agency • Subaward Budget Period Start and End Date • Catalog of Assistance Listing (AL) number and name • Federal award date • Provide close out terms and conditions Further, subrecipient and beneficiary agreements approved by the Board of County Commissioners state that subrecipient or beneficiary shall provide monthly performance reports until all Coronavirus State and Local Fiscal Recovery Funds awarded hereunder have been expended. Through the observation of records, it was determined that monthly performance reports were not submitted each month by the following entities receiving Coronavirus State and Local Fiscal Recovery Funds: • City of Chickasha • City of Minco • Grady County Volunteer Fire Departments • Rural Water #6 • Rural Water #7 • Grady County Memorial Hospital (ER Renovations Project) Cause of Condition: Policies and procedures have not been designed and implemented to ensure federal expenditures are made in accordance with compliance requirements. Effect of Condition: This condition resulted in noncompliance with federal grant requirements. Recommendation: OSAI recommends the County gain an understanding of the requirements for this program and implement internal controls to ensure compliance with these requirements. OSAI also recommends that entities receiving ARPA funding submit monthly progress reports as stated under the reporting section of the agreements signed by the Board of County Commissioners. Management Response: Chairman of the Board of County Commissioners: The Board of County Commissioners will take measures to ensure future compliance with all requirements of federal grants Criteria: 2 CFR 200, §200.332 Requirements for Pass-Through Entities states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award. (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part. (6) Appropriate terms and conditions concerning closeout of the subaward.
FINDING 2024-210 The Department did not complete sufficient subrecipient monitoring for the Individuals with Disabilities Education Act (IDEA) program during fiscal year 2024. Type of Finding: Significant Deficiency, Noncompliance Assistance Listing Title: Special Education Cluster Assistance Listing Number: 84.027; 84.173 Federal Award Number: 170ED2131; 170ED2231; 500ED2131; 500ED2141; 500ED2231; 500ED2241; 500ED2331; 500ED2341 Program Year: July 1, 2021 – September 30, 2023; July 1, 2022 – September 30, 2024; July 1, 2021 – September 30, 2023; July 1, 2023 – September 30, 2025 Federal Agency: U.S. Department of Education Compliance Requirement: Subrecipient Monitoring Questioned Costs: None Criteria: The U.S. Code of Federal Regulations (CFR) Uniform Administration Requirements, Cost Principles, and Audit Requirements for Federal Awards (2 CFR 200.303) states that nonfederal entities must establish and maintain effective internal control over the federal award that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations and the terms and conditions of the federal award. The requirements for pass-through entities are in 2 CFR 200.332, which states that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and include the following information at the time of the subaward or if information changes. The required information includes: • Federal Award Identification. 1. Subrecipient’s name (which must match the name associated with its unique entity identifier) 2. Subrecipient’s unique entity identifier 3. Federal Award Identification Number (FAIN) 4. Federal award date of award to the recipient by the federal agency 5. Subaward period of performance start and end date 6. Subaward budget period start and end date 7. Amount of federal funds obligated by this action by the pass-through entity to the subrecipient 8. Total amount of federal funds obligated to the subrecipient by the pass-through entity to the subrecipient 9. Total amount of the federal award committed to the subrecipient by the pass-through entity 10. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA) 11. Name of awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity 12. Assistance Listings (AL) number and title 13. Identification of whether the award is research and development (R&D) 14. Indirect cost rate for the federal award • All requirements imposed by the pass-through entity on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the federal award. • Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the federal awarding agency, included identification of any required financial and performance reports. Pass-through entities must also: • Evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. • Consider imposing specific subaward conditions upon a subrecipient, if appropriate. • Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subawards, and that subaward performance goals are achieved. • Verify that every subrecipient is audited as required by 2 CFR 200, Subpart F, and follow up on the results of those audits. Further guidance is provided by the U.S. Department of Education in the State General Supervision Responsibilities Under Parts B and C of the IDEA, Monitoring, Technical Assistance, and Enforcement, which states that a state should monitor all LEAs within a reasonable period of time and at least once within a six-year period. Condition: The Department has designed a monitoring plan to meet the IDEA subrecipient monitoring requirements that includes reviewing all LEAs in the State within a five-year period. The USED guidelines indicate reviews should occur within a reasonable amount of time and at least once within a six-year period. The annual award notification letters to LEAs contain the required grant award information. The program administrators perform an annual risk assessment of all LEAs and subrecipients receiving IDEA Funds. The risk assessment dictates the frequency of completed monitoring. The LEAs are scheduled to be reviewed every year for high risk, every two years for medium risk, and every four to five years for low risk. There are approximately 180 LEAs receiving IDEA funding each year; therefore, between 36 and 45 subrecipients should be monitored each year. Fiscal year 2022 was the first year in the monitoring cycle, and monitoring was completed during calendar year 2022 for 35 LEAs. Fiscal year 2023 activity monitoring included 5 LEAs monitored in calendar year 2023, 8 LEAs monitored in calendar year 2024, and 14 LEAs monitored in calendar year 2025. Based on the number of reviews completed in the prior four years, it is unlikely that the Department could complete those remaining 118 reviews in calendar year 2026 to be compliant with the Department’s internal policy or at the conclusion of calendar year 2027 to be compliant with USED monitoring guidelines. Cause: The Department does not have effective written policies and procedures to ensure all LEAs are monitored for IDEA activity within an appropriate amount of time. Further, the Department has not implemented appropriate procedures to ensure monitoring is completed at a sufficient level to ensure compliance with federal program requirements. Effect: Monitoring for fiscal year 2023 activity took three years to complete. This created a significant backlog of monitoring to be completed for activity in fiscal years 2024, 2025, and 2026 that ensures every LEA is reviewed at least once in a six-year period to be compliant with federal monitoring requirements. Monitoring LEAs is a critical requirement in accepting federal funds and ensuring that those funds are spent in compliance with allowable costs and other guidelines provided by the grantor. Lack of monitoring of LEAs increases the risk that LEAs may not comply with the grant terms. Recommendation: We recommend that the Department implement robust written procedures outlining monitoring activities so that an appropriate number of LEAs are monitored annually to help ensure compliance with federal requirements. Management’s View: The Department disagrees with this finding. Corrective Action: Although the Department agrees that not as many LEAs were monitored as might normally be in a given year, the Department is on track to have monitoring activities completed for all LEAs within the five-year cycle and in accordance with the US Department of Education’s six-year cycle. There is no statute that states a certain amount of monitoring must take place each year. Rather, states are required to monitor all LEAs within a six-year period. In Office of Special Education Programs (OSEP) QA 23-01, State General Supervision Responsibilities under Parts B and C of the IDEA, it states: “States should ensure all LEAs or EIS programs are monitored at least once within the six-year cycle of the State’s SPP/APR, presumptively implementing a reasonable timeframe for monitoring.” (See also Q A-11). The special education fiscal monitoring process includes robust written policies and procedures to meet federal requirements, and the Department underwent thorough federal on-site monitoring by OSEP in FY 2024 and passed without any fiscal findings. The LEA fiscal monitoring is assigned and takes place throughout the state fiscal year. The Department has completed or is in the process of completing 88 LEA monitors for the first three years in the cycle before the end of calendar year 2025. Corrective actions will be forthcoming, and LEAs have 365 days to complete any state monitoring and enforcement corrective actions under 34 CFR 300.600(e). This program-specific rule complements the Uniform Grant Guidance of 2 CFR 200.332(d) in which passthrough entities (SEAs) “must ensure subrecipients take ‘timely and appropriate action’ to correct deficiencies.” The Department is currently transitioning to year four of the five-year cycle for FY 2025-26 (reviewing FY 2024-25 records). With the support of five contracted staff, 60 LEAs are scheduled between December 2025 and June 2026 to review FY 2024-25 fiscal records (made available in November 2025 when CPA audits are due to the state). The Department is also continuing to close out corrective action plans for LEAs from prior reviews. Year five (FY 2026-27) of the cycle will evaluate the FY 2025-26 fiscal records of remaining LEAs. Those LEAs will not be available to monitor until November 2026 when LEA CPA audits are finalized and available. The Department will conduct those reviews in FY 2026-27 (after November 2026). The Department will continue to conduct other monitoring activities throughout the year for all LEAs including through claim reimbursement reviews, the annual IDEA Part B Application, and the risk assessment activities in alignment with Idaho’s Special Education System of General Supervision. Auditor’s Concluding Remarks: We thank the Department for its cooperation and assistance throughout the audit. We continue to assert that the Department’s documented progress monitoring LEAs through the end of fiscal year 2024 does not indicate it will comply with federal monitoring requirements. As stated in the finding, documentation reviewed shows that only 62 out of 180 LEAs have been monitored over three and ¾ years, between January 2022 and October 2025. Approximately 63% of the available 6 year monitoring period has elapsed and the Department has only completed approximately 34% of the required reviews. While the Department indicates its intention to catch up the completed reviews, it is unlikely to occur until the Department not only outline a well-defined schedule of monitoring to be completed that complies with the requirements, but also tracks its performance of monitoring completed each year to ensure that each LEA is monitored at least once every six years in accordance with federal monitoring guidelines.
FINDING 2024-215 The Department did not document subrecipient risk assessments or ensure subrecipient audits were received for the Coronavirus State and Local Fiscal Recovery Fund. Type of Finding: Significant Deficiency, Noncompliance Assistance Listing Title: Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Federal Award Number: SLFRP0142 Program Year: March 3, 2021 – December 31, 2024 Federal Agency: Department of the Treasury Compliance Requirement: Subrecipient Monitoring Questioned Costs: None Criteria: The U.S. Code of Federal Regulations (CFR) Uniform Administration Requirements, Cost Principles, and Audit Requirements for Federal Awards (2 CFR 200.303) states that nonfederal entities must establish and maintain effective internal control over the federal award that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. The requirements for pass-through entities are in 2 CFR 200.332, which states that all pass-through entities must: • Evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. • Consider imposing specific subaward conditions upon a subrecipient, if appropriate. • Verify that every subrecipient is audited as required by 2 CFR 200, Subpart F, and follow up on the results of those audits. A non-Federal entity that expends $750,000 or more during the non-Federal entity’s fiscal year in Federal awards must have a single or program-specific audit conducted for that year. Condition: The Department received funds for the Coronavirus State and Local Fiscal Recovery Fund (Assistance Listing Number 21.027) from the U.S. Department of Treasury through the Idaho Department of Financial Management. The funds were for two specific program areas within the Department: planning and construction grants for the clean and drinking water infrastructure projects and waste management projects. During fiscal year 2024, there were 128 subrecipients for these funds. The Department established oversight for these funds under the Grant Loan Bureau (planning and infrastructure grants) and the Waste Management Group (various waste management projects). The Department complied with some, but not all, of the pass-through entity requirements. Noncompliance was identified in the following areas: 1) The Department did not adequately document their evaluation of each subrecipient’s risk of noncompliance with federal statutes, regulations, and terms and conditions of the subaward for 13 out of 13 (100 percent) of the sample tested. The Department completes thorough reviews throughout the project timeline to ensure that subrecipients are complying, but those reviews do not adequately assess the subrecipients risk of noncompliance with a subaward, prior to award, as required by 2 CFR 200.332(c). While the Department’s review does ensure each subrecipient has financial review controls in place, the Department does not document a formal risk assessment that evaluates each subrecipient’s risk of noncompliance based on the subrecipient’s prior experience with the same or similar awards, the results of previous awards including whether the subrecipient receives a Single Audit, whether the subrecipient has new personnel, or the extent and results of any Federal agency monitoring. 2) The Department does not have a process in place to ensure that subrecipients are audited, as required by 2 CFR 200, Subpart F for 1 out of 13 (7.69 percent) of the contracts tested. In the prior-year audit, it was stated that the planning/construction group in the Grants Loans Bureau were aware of this issue and have procedures in place within their Loan Grant Tracking Software (LGTS) and that the Waste Program was aware that the subrecipients also required procedures; however, no procedures are in place. During this year’s audit, however, no documentation was submitted in support of the Grants Loan Bureau or the Waste Program. Cause: The Department did not have a formal documented risk assessment process in place as they believed the application process and monitoring during the actual grant award period met the requirements. The Department has procedures in place to check the Federal Audit Clearinghouse for Single Audit Act (SAA) grant audits to see if a subrecipient has a recent audit, however, this procedure alone does not satisfy the requirement. The Department did not deem it necessary to implement additional procedures to ensure an audit was completed for subrecipients meeting the threshold because the grant makes up more than 50 percent of the total project cost and are reimbursement grants. The fact that these are reimbursement grants does not exempt the Department from ensuring that the subrecipient is audited as required by 2 CFR 200, Subpart F. Effect: Subrecipient monitoring is a critical requirement when accepting federal funds and ensuring that those funds are spent in compliance with allowable costs and other guidelines provided by the grantor. Assessing the risk of subrecipient noncompliance enables a pass-through entity to determine the proper level of monitoring procedures. Without completing the risk assessment process, a pass-thought entity may increase the risk that appropriate monitoring procedures will not be performed, and noncompliance may occur and go undetected. Subrecipient audit reports may identify internal control issues and noncompliance with federal award requirements. Reviewing these reports and ensuring that potential issues are addressed decreases the overall risk of noncompliance with the federal award requirements. Recommendation: We recommend that the Department design and implement appropriate procedures to ensure that subrecipient risk assessments are properly completed and documented and subrecipient audits are completed and reviewed in accordance with federal grant regulations. Management’s View: We agree with and acknowledge the three findings presented and are committed to addressing them with the following corrective actions being taken by DEQ. Corrective Action: The Department created a Subrecipient Monitoring Policy that will be implemented by the end of this calendar year, December 31, 2025. This policy includes a risk assessment checklist that will be used prior to issuing a subaward. The results of the risk assessment, the overall risk level, and the level of monitoring will be included in the subaward agreement. The risk assessment and the process will be documented with each subaward request. DEQ has had significant turnover in the fiscal office, which has resulted in gaps of knowledge of policies and practices. In summer 2025, DEQ leadership reorganized the fiscal department to improve efficiency, enhance oversight of grants and contracts, and strengthen financial controls. The fiscal office is currently in a rebuilding phase and is dedicated to training and developing staff, implementing best practices, and documenting processes and procedures. Along with these changes, the grants and contracts teams have been combined to help with oversight and consistency. This is particularly valuable when contracting or procuring goods or services with grant or federal funds. Auditor’s Concluding Remarks: We thank the Department for its cooperation and assistance throughout the audit.
FINDING 2024-231 Supporting documentation for subrecipient risk assessments for the Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crises program was not available for review. Type of Finding: Significant Deficiency, Noncompliance Related to Prior Finding: 2023-222 AL Title: Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crises AL Number: 93.391 Federal Award Number: 1 NH75OT000105-01-00, 6 NH75OT000105-01-00 Program Year: June 1, 2021 – May 31, 2024 Federal Agency: Department of Health and Human Services Requirement: Subrecipient Monitoring Questioned Costs: None Criteria: The U.S. Code of Federal Regulations (CFR), Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) included in 2 CFR 200.303 requires that nonfederal entities receiving federal awards establish and maintain internal control over the federal awards that provides reasonable assurance that the nonfederal entity is managing the federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal awards. The Internal Control Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) identifies control activities that help ensure management directives are carried out and risks are mitigated. These activities include approvals, authorizations, verifications, reconciliations, and segregation of duties. The Uniform Guidance included in 2 CFR 200.332(b) states that all pass-through entities must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR 200.332(c)(2) states that all pass-through entities must evaluate each subrecipient's fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring described in paragraph (f) of this section. When evaluating a subrecipient's risk, a pass-through entity should consider the results of previous audits. This includes considering whether the subrecipient receives a Single Audit in accordance with 2 CFR 200 subpart F and the extent to which the same or similar subawards have been audited as a major program. Condition: The Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crises program had a total of 6 subrecipients during fiscal year 2024. During testing, the Department was unable to provide a subrecipient risk assessment for 2 out of 6 subrecipients tested (or 33 percent). In the risk assessment, the Department documents the need for a subrecipient to have a Single Audit, if necessary, and the Department’s review of required subrecipient Single Audits. The Department was compliant with all other aspects of the subrecipient monitoring compliance requirements for the subrecipients. Cause: Staff turnover led to the documentation creation and retention shortcomings as new staff were being trained and onboarded when risk assessments should have been completed and documented, including Single Audit requirements. Effect: The Department is exposed to increased risk of noncompliance related to subrecipients and improper payments in the STLT Health Department Response to Public Health or Healthcare Crises program. Recommendation: We recommend that the Department strengthen internal controls to ensure required risk assessments are completed and supporting documentation is retained. Management’s View: The Department Agrees with this Finding. Corrective Action: The Division of Public Health updates its standard operating procedures annually and communicates updates to staff. The DPH Federal Compliance Officer is conducting monthly trainings to cover all required steps in the process and will begin conducting mini audits in calendar year 2026 to ensure all steps are being followed consistently. Auditor’s Concluding Remarks: We thank the Department for its cooperation and assistance throughout the audit.
Criteria or specific requirement: Per 2 CFR 200.303(a), California Department of Transportation (Caltrans) must establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information at the time of the subaward and if any of these data elements change, include the changes in the subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes identification of the (ii) Subrecipient's unique entity identifier. (iii) Federal Award Identification Number (FAIN) (xiii) Identification of whether the Federal award is for research and development. Condition: Audit procedures included a review of a sample of subrecipient contracts for required information with the following results noted. For 60 of 60 samples, the contract did not include neither Subrecipients unique entity identifier, Federal Award Identification Number (FAIN), nor the identification of whether the Federal award is for research and development. Questioned costs: None Context: See “Condition.” Cause: Current internal controls in place to ensure a review of subaward agreements is taking place to verify that all required elements are included per 2 CFR 200 §200.332 are not being done correctly. Effect: Providing incomplete information to subrecipients may result in inaccurate reporting by the subrecipients and ultimately by Caltrans. Repeat Finding: This was reported in the previous year as finding 2023-006. Recommendation: We recommend management enhance existing controls around the review of all subaward agreements to ensure that all pass-through agreements include each of the required elements by 2 CFR §200.332. Views of responsible officials: Management’s response is reported in “Management’s Response and Corrective Action Plan” included in a separate section at the end of this report.
Criteria or specific requirement: Per 2 CFR section 200.303(a), the Department must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Title 2 – Grants and Agreements. Subtitle A – Office of Management and Budget Guidance for Grants and Agreements. Chapter II – Office of Management and Budget Guidance. Part 200 – Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D – Post Federal Award Requirements. §200.332 Requirements for pass-through entities (2 CFR 200.332): All pass-through entities must: (a) Verify that the subrecipient is not excluded or disqualified in accordance with §180.300. Verification methods are provided in §180.300, which include confirming in SAM.gov that a potential subrecipient is not suspended, debarred, or otherwise excluded from receiving Federal funds. (b) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 1) Federal award identification. a) Subrecipient name (which must match the name associated with its unique entity identifier); b) Subrecipient’s unique entity identifier; c) Federal Award Identification Number (FAIN); d) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; e) Subaward Period of Performance Start and End Date; f) Subaward Budget Period Start and End Date; g) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; h) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; i) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; j) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); k) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; l) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; m) Identification of whether the award is R&D; and n) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per §200.414. (c) Evaluate each subrecipient’s fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring described in paragraphs (f) of this section. When evaluating a subrecipient’s risk, a passthrough entity should consider the following: 1) The subrecipient’s prior experience with the same or similar subawards: 2) The results of previous audits. This includes considering whether or not the subrecipient receives a Single Audit in accordance with Subpart F and the extent to which the same or similar subawards have been audited as a major program; 3) Whether the subrecipient has new personnel or new or substantially changed systems; and 4) The extent and results of Federal agency monitoring (for example, if the subrecipient also receives Federal awards directly from the Federal agency). Condition: Public Health established a formal risk assessment process over its subrecipients of federal awards by which to determine the frequency and extent of subrecipient monitoring to be performed, however the process was established after the period under audit and applied prospectively. In addition, Public Health used a Department Allocation Letter (DAL) for the COVID-19 program instead of an agreement or contract for the subaward to subrecipients. Certain required information for the subaward federal award information such as Assistance Listings number and Title and Federal Award Identification Number (FAIN) were not clearly identified in the DAL. Questioned costs: None Context: See “Condition.” Cause: Procedures to ensure that all relevant information is included in the grant agreements and risk assessments are performed were not in place at the time of the agreements which resulted in the oversight. Effect: By not properly evaluating the risk of noncompliance, Public Health may inadvertently award grant funds to subrecipients who lack the necessary mechanisms or understanding to comply with federal statutes. This increases the likelihood of noncompliance arising during the performance of the grant-funded activities. Furthermore, failure to provide the necessary documentation to subrecipients may result in misuse or misreporting of funding. Repeat Finding: This was reported in the previous year as finding 2023-009. Recommendation: Public Health should ensure every subaward includes all requirements imposed on the subrecipient so that the federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the federal award. Views of responsible officials: Management’s response is reported in “Management’s Response and Corrective Action Plan” included in a separate section at the end of this report.
Criteria or specific requirement: Title 2 – Grants and Agreements. Subtitle A – Office of Management and Budget Guidance for Grants and Agreements. Chapter II – Office of Management and Budget Guidance. Part 200 – Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D – Post Federal Award Requirements. Standards for Financial and Program Management. §200.303 Internal controls (2 CFR 200.303): The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework,” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Title 2 – Grants and Agreements. Subtitle A – Office of Management and Budget Guidance for Grants and Agreements. Chapter II – Office of Management and Budget Guidance. Part 200 – Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D – Post Federal Award Requirements. Subrecipient Monitoring and Management. §200.332 Requirements for pass-through entities (2 CFR 200.332): A pass-through entity must: (c) Evaluate each subrecipient’s fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring described in paragraph (f) of this section. When evaluating a subrecipient’s risk, a passthrough entity should consider the following: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits. This includes considering whether or not the subrecipient receives a Single Audit in accordance with subpart F and the extent to which the same or similar subawards have been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of any Federal agency monitoring (for example, if the subrecipient also receives Federal awards directly from the Federal agency). (e) Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must: (1) Review financial and performance reports. (2) Ensure that the subrecipient takes corrective action on all significant developments that negatively affect the subaward. Significant developments include Single Audit findings related to the subaward, other audit findings, site visits, and written notifications from a subrecipient of adverse conditions which will impact their ability to meet the milestones or the objectives of a subaward. When significant developments negatively impact the subaward, a subrecipient must provide the pass-through entity with information on their plan for corrective action and any assistance needed to resolve the situation. (3) Issue a management decision for audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) Resolve audit findings specifically related to the subaward. However, the pass-through entity is not responsible for resolving cross-cutting audit findings that apply to the subaward and other Federal awards or subawards. If a subrecipient has a current Single Audit report and has not been excluded from receiving Federal funding (meaning, has not been debarred or suspended), the pass-through entity may rely on the subrecipient’s cognizant agency for audit or oversight agency for audit to perform audit follow-up and make management decisions related to crosscutting audit findings in accordance with section §200.513(a)(4)(viii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. California Code of Regulations. Title 5 Education. § 18023. Compliance Reviews of Contractors. (b) At least once every three (3) years and as resources permit, the California Department of Education shall conduct reviews at the contractor's office(s) and operating facility(ies) to determine the contractor's compliance with applicable laws, regulations or contractual provisions. Child Care and Development Fund (CCDF) Plan for State/Territory California FFY 2022-24, Amendment 4. Chapter 8 Ensure Grantee Program Integrity and Accountability. 8.1 Internal Controls and Accountability Measures to Help Ensure Program Integrity. 8.1.1 Process to train about CCDF requirements and program integrity. States and territories are required to describe effective internal controls that are in place to ensure program integrity and accountability (98.68(a)), including processes to train child care providers and staff of the Lead Agency and other agencies engaged in the administration of CCDF about program requirements and integrity. v. Monitor and assess policy implementation on an ongoing basis. The Lead Agency conducts announced Categorical Program Monitoring (CPM)/Contract Monitoring Reviews (CMRs) for each contractor on a three- or four-year cycle for non-LEAs and LEAs respectively. The Lead Agency’s Governance and Administration Unit (GAU) conducts ongoing review of individual contractors by sampling the eligibility and need documentation in family files to estimate and reduce error rates. Additionally, the Lead Agency provides ongoing training and technical assistance to contractors in regional sessions, in one-on-one sessions, and/or in cluster with webinars or during face to-face presentations. These sessions address CCDF program administration, requirements, and integrity Condition: We selected 60 subrecipient contracts (21 local educational agency (LEA) contracts and 39 non-LEA contracts) from 60 subrecipient entities and tested compliance with subrecipient monitoring requirements. We noted the following: LEA • 2 LEA contracts/contractors had no record of on-site monitoring over five years. Non-LEA • 3 non-LEA contracts/contractors had no records available to demonstrate risk assessment of the contractor. • 11 non-LEA contracts/contractors had no record of on-site monitoring over five years. Questioned costs: None Context: See “Condition.” Cause: In fiscal year 2021, the administration of the CCDF Cluster program was transitioned from the California Department of Education (CDE) to CDSS. CDSS has been in the process of revising certain policies and procedures, including contractor monitoring. In addition, certain records related to CDE monitoring activities for the contracts selected were unavailable for review. Effect: CDSS is at risk for contractor noncompliance if monitoring procedures are not properly designed or executed, and/or documents demonstrating monitoring are not maintained. Repeat Finding: This was reported in the previous year as finding 2023-012. Recommendation: To enhance the effectiveness of the annual risk assessment process, we recommend a thorough evaluation that focuses on the identification and inclusion of all subrecipients and defined risk criteria as mandated in 2 CFR 200.332. Furthermore, it is crucial to establish and document a transparent basis for risk profiling that directly correlates such profiles with compliance monitoring activities across fiscal, program, and single audit requirements. Furthermore, we recommend CDSS perform a comprehensive post-transition review to ensure all monitoring responsibilities transferred from CDE have been fully identified and assigned. This review should validate robust mechanisms are in place for the accurate documentation and proper retention of records. Views of responsible officials: Management’s response is reported in “Management’s Response and Corrective Action Plan” included in a separate section at the end of this report.
Criteria or specific requirement: Per 2 CFR 200.303(a), California Department of Fish and Wildlife (CDFW) must establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information at the time of the subaward and if any of these data elements change, include the changes in the subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes identification of the (xii) Assistance Listing Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings number at time of disbursement. (xiii) Identification of whether the award is R&D. Per 2 CFR §200.332(f), pass-through entities must verify that subrecipients expected to be audited as required by Subpart F have met this requirement. This verification may be performed as part of the monitoring required under §200.332(d)(2), which includes ensuring subrecipients take timely and appropriate action on deficiencies detected through audits. Condition: Audit procedures included a review of a sample of subrecipient contracts for required information with the following results noted. For 10 of 10 samples, the contract did not include neither the Assistance Listing Number nor the identification of whether the award is R&D. Furthermore, the agency did not perform required monitoring to verify that subrecipients subject to the Single Audit requirement (2 CFR Part 200, Subpart F) completed their audits and addressed any findings. Specifically, the agency did not obtain or review subrecipient audit reports for the fiscal year under audit. Questioned costs: None. Context: See “Condition.” Cause: Current internal controls in place to ensure a review of subaward agreements is taking place to verify that all required elements are included per 2 CFR 200 §200.332 are not being done correctly. The agency lacked formal procedures and internal controls to ensure timely collection and review of subrecipient audit reports. CDFW was not performing requirements to document verification of audit completion and corrective actions. Effect: Providing incomplete information to subrecipients may result in inaccurate reporting by the subrecipients and ultimately by CDFW. Without proper monitoring, the agency cannot ensure that subrecipients comply with federal audit requirements or that corrective actions are taken on identified deficiencies. This increases the risk of noncompliance and potential misuse of federal funds. Repeat Finding: This is not a repeat finding. Recommendation: We recommend management enhance existing controls around the review of all subaward agreements to ensure that all pass-through agreements include each of the required elements by 2 CFR §200.332. We recommend that management establish and implement comprehensive procedures to ensure compliance with subrecipient monitoring requirements. These procedures should include identifying which subrecipients are subject to Single Audit requirements, obtaining and reviewing their audit reports on an annual basis, documenting verification of compliance, and ensuring timely follow-up on any corrective actions related to audit findings. Views of responsible officials: Management’s response is reported in “Management’s Response and Corrective Action Plan” included in a separate section at the end of this report.
Assistance Listing 93.136 Injury Prevention and Control Research and State/Community Based Programs Condition: The City’s Department of Public Health (DPH) did not perform risk assessments or monitor the performance of the eight subrecipients tested for this program. Specifically, DPH did not evaluate the risk of fraud and non-compliance or review the financial and performance reports for these eight entities, Funding for this program is received from the U.S. Department of Health and Human Services. Criteria: OMB’s Uniform Guidance 2 CFR Part 200.332(c) states that the pass-through entity is responsible for evaluating each subrecipient’s fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring.2 CFR Part 200.332(f)further states that depending on the pass-through entity’s assessment of the risk posed by the subrecipient, the pass-through entity may need to provide training and technical assistance on program matters, perform site visits to review program operations, or arrange for other agreed-upon procedures, to ensure compliance with program requirements and achievement of performance goals. Finally, 2 CFR Part 200.332(e) requires the pass-through entity to monitor the activities of subrecipients by reviewing the financial and performance reports of subrecipients to ensure that the entities comply with federal statutes, regulations, and the terms and conditions of their subawards. Effect: Failure to perform risk assessments and review the financial and performance reports of subrecipients resulted in noncompliance with subrecipient monitoring requirements set forth in the Uniform Guidance. Without these reviews, DPH may not adequately determine the appropriate level of monitoring needed to ensure that subrecipients comply with program requirements, federal regulations, and other requirements of their subawards. This noncompliance could also lead to the city having to pay back federal awards. Cause: DPH incurred significant staff turnover. Recommendation: DPH should strengthen its policies and procedures to ensure that risk assessments and required monitoring procedures are performed for all subrecipients. Additionally, for subrecipients determined to be high-risk, DPH should provide training and technical assistance, perform site visits, and/or apply other agreed-upon procedures to help ensure that subrecipients are properly accountable for subawards and comply with program requirements. Views of the Responsible Officials and Corrective Action Plan: The Philadelphia Department of Public Health (PDPH) acknowledges the findings of the Office of the City Controllers. PDPH confirms that risk assessments and related monitoring documentation for all subrecipients were not consistently completed or retained during the audit period, primarily due to staff turnover and limited administrative capacity within the grants management function. To address this, the Division of Substance Use Prevention and Harm Reduction (SUPHR) has initiated corrective measures to strengthen compliance with the requirements of 2 CFR 200.332. These measures include implementation of standardized tools and procedures to ensure that subrecipient risk assessments, monitoring activities, and the review of financial and performance reports are conducted in a consistent, timely, and well-documented manner. Implementation of these improvements will enhance internal controls, ensure appropriate oversight of subrecipients, and promote full compliance with federal regulations. The Department anticipates that tools and standard operating procedures will be finalized by December 19, 2025, with full implementation of corrective actions by March 3, 2026. Contact Person: Daniel Teixeira da Silva, Director, Division of Substance Use Prevention and Harm Reduction (SUPHR), 267-760-0307
Assistance Listing 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases Program Condition: The city’s Department of Public Health (DPH) did not perform risk assessments or monitor the performance of three subrecipient entities tested for this program. Specifically, DPH did not evaluate the risk of fraud and non-compliance or review the financial and performance reports for these three entities. Funding for this program is received from the U.S. Department of Health and Human Services. Criteria: OMB’s Uniform Guidance 2 CFR Part 200.331(a) states that a subaward recipient may be considered a subrecipient of the pass-through agency if the recipient 1) determines who is eligible to receive federal assistance, 2) has its performance measured in relation to whether the objectives of a federal program were met, and 3) has responsibility for programmatic decision-making. OMB’s Uniform Guidance 2 CFR Part 200.332(c) states that the pass-through entity is responsible for evaluating each subrecipient’s fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring. 2 CFR Part 200.332(f) further states that depending on the pass-through entity’s assessment of the risk posed by the subrecipient, the pass-through entity may need to provide training and technical assistance on program matters, perform site visits to review program operations, or arrange for other agreed-upon procedures, to ensure compliance with program requirements and achievement of performance goals. Finally, 2 CFR Part 200.332(e) requires the pass-through entity to monitor the activities of subrecipients by reviewing the financial and performance reports of subrecipients to ensure that the entities comply with federal statutes, regulations, and the terms and conditions of their subawards. Effect: Failure to perform risk assessments and review financial and performance reports for subrecipients resulted in noncompliance with subrecipient monitoring requirements set forth in the Uniform Guidance. Without these reviews, DPH may not adequately determine the appropriate level of monitoring needed to ensure that subrecipients comply with program requirements, federal regulations, and other requirements of their subawards. This noncompliance could also lead to the city having to pay back federal awards. Cause: DPH management misclassified these three entities as contractors, rather than subrecipients. For purposes of the Epidemiology and Laboratory Capacity Program, contracts between DPH and the three entities in question specifically state that each of the entities would serve as subrecipients for grant funding awarded through the contracts. Subawards were used to hire additional staff for DPH’s COVID-19 Containment Program, for duties that included determining who is eligible to receive federal assistance, achieving the objectives established by the program, making programmatic decisions, and adhering to all applicable federal program compliance requirements. Recommendation: DPH management should reevaluate the criteria used to determine whether subaward recipients are classified as subrecipients or contractors. Additionally, management should ensure that risk assessments and required monitoring procedures are performed for all entities classified as subrecipients. Views of the Responsible Officials and Corrective Action Plan: The Philadelphia Department of Public Health (PDPH) acknowledges the Office of the City Controller’s finding. PDPH maintains a process to identify subrecipients during the contracting process. Contracts with subrecipients include federal compliance language. The three entities identified in this finding, including Concilio, Urban Affairs Coalition (UAC), and Public Health Management Corporation (PHMC), should have been classified as vendors and not subrecipients. These entities were not responsible for programmatic decision-making. This error has been corrected in subsequent contracts. Despite the misclassification, appropriate vendor monitoring was conducted, including supervision of staff hiring and monitoring and reconciliation of monthly invoice packages. Contact Person: Jessica Caum, Director, Department of Public Health, 215-685-6731 Naomi Mirowitz, Performance and Compliance Officer, Department of Public Health, 215-964-5050
Assistance Listing 93.914 HIV Emergency Relief Project Grants Condition: The Office of Health and Human Services' (HHS) Audit Unit failed to issue a management decision for audit findings related to two subrecipients of the city, who each had audit findings reported in their respective single audits. The fiscal year 2023 single audit of Bebashi and the fiscal year 2024 single audit of The Children's Hospital of Pennsylvania had a significant deficiency reported under the HIV Emergency Relief Program (ALN 93.914) in the Internal Controls over Major Programs section of the Schedule of Findings and Questioned Costs. Funding for HIV Emergency Relief program is received directly from the U.S. Department of Health and Human Services. Criteria: 2 CFR section 200.332(e) states that the pass-through entity must issue a management decision for audit findings pertaining only to the federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Effect: The management decision serves to confirm the audit findings and outline a corrective action plan for the subrecipient. Failure to issue a management decision could lead to unresolved findings at the subrecipient level. Cause: HHS incorrectly relies on the auditing firms that perform subrecipient single audits to issue a management decision per 2 CFR section 200.312(e). Recommendation: We recommend that HHS management modifies and/or strengthens its current policies and procedures to ensure that a management decision letter will be issued for audit findings relating to any federal awards that were provided to subrecipients. Views of the Responsible Officials and Corrective Action Plan: HHS acknowledges the Controller’s finding that management decision letters were not issued for specific subrecipient audit findings under ALN 93.914, as required under 2 CFR 200.332(e) and 200.521. While the formal letters were not issued, HHS did review the audit findings, obtained and evaluated the subrecipients’ corrective action plans and confirmed that no questioned costs or additional risks remained. These steps ensured that the underlying corrective actions were completed. To strengthen documentation and ensure consistency across all federal programs, HHS will adopt the following corrective measures: 1. Standard management Decision Template • HHS will adopt a simple, uniform management decision template and clear steps for documenting decisions within the required federal timelines. 2. Central Location for Documentation • HHS will store all management decision letters and related materials in one designated shared location to ensure accessibility and consistent record-keeping. 3. Brief Staff Guidance • HHS will provide concise written guidance to staff outlining: o When a management decision is required, o How to complete it using the template, and o What documentation must be retained? These corrective actions will ensure consistent compliance with federal requirements while supporting the City’s long-term goal of standardizing financial processes across departments. Contact Person: Landuleni Shipanga, Controller, City of Philadelphia Office of Children and Families, 215-683-6366
Finding 2023-001: Subrecipient Monitoring Identification of federal program: Program Title: Community Economic Adjustment Assistance for Compatible Use and Joint Land Use Studies Assistance Listing Number: 12.610 Award Identification: W9124J2120002 Federal Agency: U.S. Department of Defense, Office of Local Defense Community Cooperation Criteria or Specific Requirement: Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. All pass-through entities are required to have subrecipient monitoring policies and procedures in place, which conform to the requirements of Title 2 CFR § 200.332 to identify subawards, evaluate risk of noncompliance, and perform monitoring procedures based upon identified risks. Condition: In testing compliance over subrecipient monitoring, we noted the Fund does not have a subrecipient monitoring policy in place that fully conforms with requirements of Title 2 CFR § 200.332. Cause: Historically the Fund has had few subawards and therefore has not developed full written subrecipient monitoring policies and procedures. Effect: The Fund should implement policies and procedures for monitoring subrecipients in accordance with Title 2 CFR § 200.332. Questioned Costs: None Context: While management’s existing process includes certain elements of subrecipient monitoring, a formal adopted policy is not in place that that fully conforms with requirements of Title 2 CFR § 200.332. Repeat finding: No Recommendation: Implement policies and procedures for monitoring subrecipients, including adequate documentation that conforms to the requirements of Title 2 CFR § 200.332. Views of responsible individuals: Management concurs with and will implement the recommendation. See corrective action plan.
Finding 2023-001 – Reporting Identification of federal program: Assistance Listing No. 93.558 – Temporary Assistance for Needy Families. Criteria or specific requirement: Section 200.332 of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) provides the requirements for pass-through entities. A pass-through entity (PTE) must clearly identify to the subrecipient the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(2); all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). Condition: The Organization was not able to provide executed agreements with its subrecipients covering the period under audit that meet the requirements of Section 200.332 of the Uniform Guidance. Cause: Management indicated that the existing subaward agreements, which do not cover the year ended December 31, 2023, were not updated due to an oversight attributed to personnel vacancies. Effect or potential effect: Noncompliance with Section 200.332 of the Uniform Guidance could result in misunderstanding in program compliance requirements. Questioned cost: not applicable. Context: The Organization was not able to provide executed agreements that cover the audit period for the two subawards made under this program. Recommendation: We recommend that the Organization update and execute agreements with its subrecipients that contains all the required elements of Section 200.332 of the Uniform Guidance. Views of responsible officials: The Organization concurs with this finding. See page 40 for corrective action plan.
Finding 2023-001 – Reporting Identification of federal program: Assistance Listing No. 93.558 – Temporary Assistance for Needy Families. Criteria or specific requirement: Section 200.332 of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) provides the requirements for pass-through entities. A pass-through entity (PTE) must clearly identify to the subrecipient the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(2); all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). Condition: The Organization was not able to provide executed agreements with its subrecipients covering the period under audit that meet the requirements of Section 200.332 of the Uniform Guidance. Cause: Management indicated that the existing subaward agreements, which do not cover the year ended December 31, 2023, were not updated due to an oversight attributed to personnel vacancies. Effect or potential effect: Noncompliance with Section 200.332 of the Uniform Guidance could result in misunderstanding in program compliance requirements. Questioned cost: not applicable. Context: The Organization was not able to provide executed agreements that cover the audit period for the two subawards made under this program. Recommendation: We recommend that the Organization update and execute agreements with its subrecipients that contains all the required elements of Section 200.332 of the Uniform Guidance. Views of responsible officials: The Organization concurs with this finding. See page 40 for corrective action plan.
Finding 2023-001 – Reporting Identification of federal program: Assistance Listing No. 93.558 – Temporary Assistance for Needy Families. Criteria or specific requirement: Section 200.332 of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) provides the requirements for pass-through entities. A pass-through entity (PTE) must clearly identify to the subrecipient the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(2); all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). Condition: The Organization was not able to provide executed agreements with its subrecipients covering the period under audit that meet the requirements of Section 200.332 of the Uniform Guidance. Cause: Management indicated that the existing subaward agreements, which do not cover the year ended December 31, 2023, were not updated due to an oversight attributed to personnel vacancies. Effect or potential effect: Noncompliance with Section 200.332 of the Uniform Guidance could result in misunderstanding in program compliance requirements. Questioned cost: not applicable. Context: The Organization was not able to provide executed agreements that cover the audit period for the two subawards made under this program. Recommendation: We recommend that the Organization update and execute agreements with its subrecipients that contains all the required elements of Section 200.332 of the Uniform Guidance. Views of responsible officials: The Organization concurs with this finding. See page 40 for corrective action plan.
Finding 2023-001 – Reporting Identification of federal program: Assistance Listing No. 93.558 – Temporary Assistance for Needy Families. Criteria or specific requirement: Section 200.332 of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) provides the requirements for pass-through entities. A pass-through entity (PTE) must clearly identify to the subrecipient the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(2); all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). Condition: The Organization was not able to provide executed agreements with its subrecipients covering the period under audit that meet the requirements of Section 200.332 of the Uniform Guidance. Cause: Management indicated that the existing subaward agreements, which do not cover the year ended December 31, 2023, were not updated due to an oversight attributed to personnel vacancies. Effect or potential effect: Noncompliance with Section 200.332 of the Uniform Guidance could result in misunderstanding in program compliance requirements. Questioned cost: not applicable. Context: The Organization was not able to provide executed agreements that cover the audit period for the two subawards made under this program. Recommendation: We recommend that the Organization update and execute agreements with its subrecipients that contains all the required elements of Section 200.332 of the Uniform Guidance. Views of responsible officials: The Organization concurs with this finding. See page 40 for corrective action plan.
2023-001 Material Weakness – Subrecipient Monitoring – Material Noncompliance Agency: U.S. Department of Treasury Federal Assistance Listing Number: 21.027 COVID-19 - Coronavirus State and Local Recovery Funds Criteria: 2 CFR 200.332(b) requires a pass-through entity to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. 2 CFR 200.332(d) requires the passthrough entity to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Statement of Condition: Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not document their evaluation of the subrecipients risk of noncompliance and perform monitoring of the subrecipient, as required. Questioned Costs: The amount of questioned costs could not be determined. Context: Lutheran Social Services of Wisconsin and Upper Michigan, Inc.’s subrecipient was required by their contract to provide all requests for disbursement from the grantor to Lutheran Social Services of Wisconsin and Upper Michigan, Inc. for review and approval, prior to requesting the funds from the grantor. Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not receive nor did they review the three (3) draw requests during the period. Additionally, no other processes or controls were in place over the subrecipient monitoring requirement. Effect: Failure to adequately monitor the activity of a subrecipient may result in unallowable costs being charged to the federal program. Cause: Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not have proper controls in place to monitor their subrecipient. Management was unaware the subrecipient was expending passthrough funds and receiving disbursements from the federal grantor. Recommendation: We recommend management review their processes and controls surrounding subrecipients to ensure appropriate oversight is maintained and compliance with all program and contract requirements occurs. Management Response: LSS received a grant from Illinois Housing Development Authority (IHDA) which was ‘passed through’ to a tax credit project entity (the subrecipient of the grant). The agreements governing the grant to Lutheran Social Services of Wisconsin and Upper Michigan, Inc. (LSS) and loan to the subrecipient specifically called for multiple layers of review and approval by the subrecipient, IHDA, other project lenders, a title company, and at IHDA’s request, LSS. The lead developer, a member of the tax credit project entity, is responsible for managing the construction project and for preparation of all draw requests. The agreements specifically called for the tax credit project entity (as subrecipient) to certify to LSS that the draw package met the grant agreement requirements and specifications, on which certification LSS would then rely to make a corresponding certification to IHDA that the draw package met the grant agreement requirements and specifications. In this instance, the lead developer properly prepared certain draw requests (as the subrecipient), made the required certifications, and submitted them directly to IHDA without informing LSS of such draw request. Rather than requiring strict compliance with the grant agreements and rejecting the subrecipient’s draw request for the lack of LSS’s certification, IHDA elected to accept a direct certification from the subrecipient and effectively waive the LSS certification requirement. We agree that LSS did not have a monitoring system in place to ensure that the subrecipient informed LSS of draw requests and ensure that LSS’s intervening certification to IHDA be made, however there are other factors impacting the program: 1. IHDA did not notify the subrecipient or LSS under the terms of the grant documents that the intervening LSS certification was missing, and instead elected to disburse proceeds directly to the subrecipient based on the subrecipient’s direct certification which served as a waiver of the requirement of the intervening LSS certification. 2. All draw requests were approved by the contractor, the architect, the construction lender, and the title company, which multiple additional layers of review put into place by LSS and IHDA as part of grant document negotiation ensured that grant funds were properly utilized for qualifying project expenses. 3. All parties have been made aware of this issue and it has not resulted in any financial, operational or reputation implications. We have put in place a process to ensure all draw requests come to LSS for review and documented sign-off approval before submission to IHDA.
2023-001 Material Weakness – Subrecipient Monitoring – Material Noncompliance Agency: U.S. Department of Treasury Federal Assistance Listing Number: 21.027 COVID-19 - Coronavirus State and Local Recovery Funds Criteria: 2 CFR 200.332(b) requires a pass-through entity to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. 2 CFR 200.332(d) requires the passthrough entity to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Statement of Condition: Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not document their evaluation of the subrecipients risk of noncompliance and perform monitoring of the subrecipient, as required. Questioned Costs: The amount of questioned costs could not be determined. Context: Lutheran Social Services of Wisconsin and Upper Michigan, Inc.’s subrecipient was required by their contract to provide all requests for disbursement from the grantor to Lutheran Social Services of Wisconsin and Upper Michigan, Inc. for review and approval, prior to requesting the funds from the grantor. Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not receive nor did they review the three (3) draw requests during the period. Additionally, no other processes or controls were in place over the subrecipient monitoring requirement. Effect: Failure to adequately monitor the activity of a subrecipient may result in unallowable costs being charged to the federal program. Cause: Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not have proper controls in place to monitor their subrecipient. Management was unaware the subrecipient was expending passthrough funds and receiving disbursements from the federal grantor. Recommendation: We recommend management review their processes and controls surrounding subrecipients to ensure appropriate oversight is maintained and compliance with all program and contract requirements occurs. Management Response: LSS received a grant from Illinois Housing Development Authority (IHDA) which was ‘passed through’ to a tax credit project entity (the subrecipient of the grant). The agreements governing the grant to Lutheran Social Services of Wisconsin and Upper Michigan, Inc. (LSS) and loan to the subrecipient specifically called for multiple layers of review and approval by the subrecipient, IHDA, other project lenders, a title company, and at IHDA’s request, LSS. The lead developer, a member of the tax credit project entity, is responsible for managing the construction project and for preparation of all draw requests. The agreements specifically called for the tax credit project entity (as subrecipient) to certify to LSS that the draw package met the grant agreement requirements and specifications, on which certification LSS would then rely to make a corresponding certification to IHDA that the draw package met the grant agreement requirements and specifications. In this instance, the lead developer properly prepared certain draw requests (as the subrecipient), made the required certifications, and submitted them directly to IHDA without informing LSS of such draw request. Rather than requiring strict compliance with the grant agreements and rejecting the subrecipient’s draw request for the lack of LSS’s certification, IHDA elected to accept a direct certification from the subrecipient and effectively waive the LSS certification requirement. We agree that LSS did not have a monitoring system in place to ensure that the subrecipient informed LSS of draw requests and ensure that LSS’s intervening certification to IHDA be made, however there are other factors impacting the program: 1. IHDA did not notify the subrecipient or LSS under the terms of the grant documents that the intervening LSS certification was missing, and instead elected to disburse proceeds directly to the subrecipient based on the subrecipient’s direct certification which served as a waiver of the requirement of the intervening LSS certification. 2. All draw requests were approved by the contractor, the architect, the construction lender, and the title company, which multiple additional layers of review put into place by LSS and IHDA as part of grant document negotiation ensured that grant funds were properly utilized for qualifying project expenses. 3. All parties have been made aware of this issue and it has not resulted in any financial, operational or reputation implications. We have put in place a process to ensure all draw requests come to LSS for review and documented sign-off approval before submission to IHDA.
2023-001 Material Weakness – Subrecipient Monitoring – Material Noncompliance Agency: U.S. Department of Treasury Federal Assistance Listing Number: 21.027 COVID-19 - Coronavirus State and Local Recovery Funds Criteria: 2 CFR 200.332(b) requires a pass-through entity to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. 2 CFR 200.332(d) requires the passthrough entity to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Statement of Condition: Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not document their evaluation of the subrecipients risk of noncompliance and perform monitoring of the subrecipient, as required. Questioned Costs: The amount of questioned costs could not be determined. Context: Lutheran Social Services of Wisconsin and Upper Michigan, Inc.’s subrecipient was required by their contract to provide all requests for disbursement from the grantor to Lutheran Social Services of Wisconsin and Upper Michigan, Inc. for review and approval, prior to requesting the funds from the grantor. Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not receive nor did they review the three (3) draw requests during the period. Additionally, no other processes or controls were in place over the subrecipient monitoring requirement. Effect: Failure to adequately monitor the activity of a subrecipient may result in unallowable costs being charged to the federal program. Cause: Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not have proper controls in place to monitor their subrecipient. Management was unaware the subrecipient was expending passthrough funds and receiving disbursements from the federal grantor. Recommendation: We recommend management review their processes and controls surrounding subrecipients to ensure appropriate oversight is maintained and compliance with all program and contract requirements occurs. Management Response: LSS received a grant from Illinois Housing Development Authority (IHDA) which was ‘passed through’ to a tax credit project entity (the subrecipient of the grant). The agreements governing the grant to Lutheran Social Services of Wisconsin and Upper Michigan, Inc. (LSS) and loan to the subrecipient specifically called for multiple layers of review and approval by the subrecipient, IHDA, other project lenders, a title company, and at IHDA’s request, LSS. The lead developer, a member of the tax credit project entity, is responsible for managing the construction project and for preparation of all draw requests. The agreements specifically called for the tax credit project entity (as subrecipient) to certify to LSS that the draw package met the grant agreement requirements and specifications, on which certification LSS would then rely to make a corresponding certification to IHDA that the draw package met the grant agreement requirements and specifications. In this instance, the lead developer properly prepared certain draw requests (as the subrecipient), made the required certifications, and submitted them directly to IHDA without informing LSS of such draw request. Rather than requiring strict compliance with the grant agreements and rejecting the subrecipient’s draw request for the lack of LSS’s certification, IHDA elected to accept a direct certification from the subrecipient and effectively waive the LSS certification requirement. We agree that LSS did not have a monitoring system in place to ensure that the subrecipient informed LSS of draw requests and ensure that LSS’s intervening certification to IHDA be made, however there are other factors impacting the program: 1. IHDA did not notify the subrecipient or LSS under the terms of the grant documents that the intervening LSS certification was missing, and instead elected to disburse proceeds directly to the subrecipient based on the subrecipient’s direct certification which served as a waiver of the requirement of the intervening LSS certification. 2. All draw requests were approved by the contractor, the architect, the construction lender, and the title company, which multiple additional layers of review put into place by LSS and IHDA as part of grant document negotiation ensured that grant funds were properly utilized for qualifying project expenses. 3. All parties have been made aware of this issue and it has not resulted in any financial, operational or reputation implications. We have put in place a process to ensure all draw requests come to LSS for review and documented sign-off approval before submission to IHDA.
Finding 2023-002: Pre-Award Risk Assessment for Sub-Recipient Information on the Federal Program: 93.048 Criteria: As stated in 2 CFR 200.331 part (b), all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring procedures to prescribe to each individual subrecipient. Condition: During our testing performed over subrecipient expenditures, we were unable to obtain evidence that pre-award risk assessment procedures were performed over subrecipients, consistent with 2 CFR §200.332(b). Cause: The Organization's internal policies and procedures governing risk assessment on subrecipients was not performed. Effect or Potential Effect: The Organization could inadvertently be engaged in relationships with subrecipients of higher risk without the appropriate level of oversight to ensure subrecipients are expending funds in accordance with the provisions and terms of the subaward. Questioned Costs: None noted. Context: Our audit procedures consisted of substantive testwork over a sample of subrecipients. We consider our sample to be representative of the population. The samples were made using statistical sampling and we believe the condition appeared to be systematic in nature. Identification as a Repeat Finding, if Applicable: Not a repeat finding. Recommendation: We recommend that the Organization follow their internal policies regarding performing a pre-award risk assessment on all new sub-recipients engaged throughout the life of the award. For repeat sub-recipients, the risk assessment should be re-visited throughout the award term to ensure that conditions have not changed and the original risk assessment remains reasonable.
Criteria or specific requirement: The Code of Federal Regulations, 2 CFR 200.332, states that nonfederal entities passing federal awards through to other entities are required to ensure that subawards to subrecipients include required federal award identification and detail of all compliance and other requirements for the federal award. Condition: During our testing we noted that the Company did not include the federally required elements of the award in the subrecipient agreement. Context: For 6 of the 9 subrecipients selected, the Company did not include in their agreements the required federal award information as outlined by 2 CFR 200.332. Cause: Management was made aware of requirements during the award period and created addendums for agreements with subrecipients. For 6 of the 9 subrecipients selected, addendums with the conditions of the award were not created at the time of our review, and the required information was not provided to subrecipients. Effect: The Company is not in compliance with subrecipient monitoring requirements as outlined by 2 CFR 200.332. Recommendation: We recommend the Company to include all guidance under 2 CFR 200.332 in the agreements entered with subrecipients. Views of responsible officials: There is no disagreement with the audit finding. The company has investigated why the information was not provided, and found the cause was an isolated incident, and the error of a former employee who has since been removed from the company. Measures have been put in place to ensure future compliance.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
Finding # 2023-003 Subrecipient Monitoring (Significant Deficiency) Information on the Federal Programs: Assistance Listing #98.001 USAID Foreign Assistance for Programs Overseas Criteria or Specific Requirement: § 200.332, Requirements for pass-through entities, requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. The statute also requires pass-through entities to include certain federal award identifying information within the subaward agreement. Condition: The Institute maintains subaward selection and monitoring policies. However, the policies do not include pre-prescribed monitoring procedures based on an assessed level of risk assigned in the subaward selection stage. Additionally, as part of our audit, we selected a sample of subawards charged to the major federal programs. We noted that a subaward agreement did not contain certain federal award identifying information, specifically the relevant Federal Assistance Listing Number (ALN). Cause: The Institute maintains subaward selection and monitoring policies that do not include preprescribed monitoring procedures based on an assessed level of risk. Additionally, Federal Assistance Listing Number were omitted from the subaward agreements based on an oversight during the subaward writing process. Effect or Potential Effect: The Institute may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Not including Federal Assistance Listing Numbers in the subaward agreement could lead to the subrecipient omitting the subaward from its Schedule of Expenditures of Federal Awards. Questioned Costs: N/A Context: The Institute executes subaward agreements under US Federal grants. Therefore, the Institute is subject to § 200.332 Requirements for pass-through entities. Our audit procedures consisted of testwork completed on subawards charged to the federal awards. The report in which samples were selected was generated directly from the Institute’s general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend that the Institute revise its subaward selection and monitoring policies to include pre-prescribed monitoring procedures based on an assessed level of risk assigned in the subaward selection stage. The assessed level of risk should be documented in a pre-award risk assessment. Additionally, we recommend that the Institute ensure that all subaward agreements include all elements required by §200.332.
Finding # 2023-003 Subrecipient Monitoring (Significant Deficiency) Information on the Federal Programs: Assistance Listing #98.001 USAID Foreign Assistance for Programs Overseas Criteria or Specific Requirement: § 200.332, Requirements for pass-through entities, requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. The statute also requires pass-through entities to include certain federal award identifying information within the subaward agreement. Condition: The Institute maintains subaward selection and monitoring policies. However, the policies do not include pre-prescribed monitoring procedures based on an assessed level of risk assigned in the subaward selection stage. Additionally, as part of our audit, we selected a sample of subawards charged to the major federal programs. We noted that a subaward agreement did not contain certain federal award identifying information, specifically the relevant Federal Assistance Listing Number (ALN). Cause: The Institute maintains subaward selection and monitoring policies that do not include preprescribed monitoring procedures based on an assessed level of risk. Additionally, Federal Assistance Listing Number were omitted from the subaward agreements based on an oversight during the subaward writing process. Effect or Potential Effect: The Institute may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Not including Federal Assistance Listing Numbers in the subaward agreement could lead to the subrecipient omitting the subaward from its Schedule of Expenditures of Federal Awards. Questioned Costs: N/A Context: The Institute executes subaward agreements under US Federal grants. Therefore, the Institute is subject to § 200.332 Requirements for pass-through entities. Our audit procedures consisted of testwork completed on subawards charged to the federal awards. The report in which samples were selected was generated directly from the Institute’s general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend that the Institute revise its subaward selection and monitoring policies to include pre-prescribed monitoring procedures based on an assessed level of risk assigned in the subaward selection stage. The assessed level of risk should be documented in a pre-award risk assessment. Additionally, we recommend that the Institute ensure that all subaward agreements include all elements required by §200.332.
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
FINDING 2023-002 Program Information: Temporary Assistance for Needy Families (ALN #93.558) Criteria or Specific Requirement (Including Statutory, Regulatory or Other Citation): Federal Compliance Requirement: M. Subrecipient Monitoring – The pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f). Condition: The Organization did not have sufficient monitoring processes in place to detect erroneous costs charged to the TANF grant. Cause: Lack of administrative oversight with respect to subrecipient monitoring requirements. Effect or Potential Effect: The Organization was not in compliance with subrecipient monitoring requirements. Questioned Costs: Amount below reportable threshold. Context: For 1 of 22 invoices the Organization did not perform sufficient subrecipient monitoring procedures to detect erroneous costs charged by the subrecipient. Identification as a Repeat Finding: No similar findings noted in the prior year. Recommendation: We recommend that the Organization enhance its policies and procedures over subrecipient monitoring to properly detect and prevent erroneous calculations. Views of Responsible Officials and Planned Corrective Actions: The Organization will properly monitor the subaward disbursed to provide reasonable assurance the subrecipient used the subaward for authorized purposes.
Finding 2023-002: Subrecipient Monitoring - Review of Audit Reports Information on the Federal Program: Assistance Listing Numbers 19.705 and 19.345 Criteria: As stated in 2 CFR 200.332(f), all pass-through entities must verify that every subrecipient is audited as required by 2 CFR 200 Subpart F when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold for triggering such an audit. Condition: We were unable to determine whether Accountability Lab performed procedures to verify whether or not its subrecipients were subject to a compliance audit in accordance with 2 CFR 200 Subpart F. Cause: Accountability Lab does not have a formal/regularized process in place to monitor subrecipient audit requirements. Effect: Accountability Lab's current practices do not provide sufficient documentation to demonstrate its compliance with the requirements to obtain and review subrecipient audit reports. Questioned Costs: None noted. Context: Our audit work included three subrecipients across two major programs. For two out of the three subrecipients tested, we were not able to verify whether or not Accountability Lab obtained and reviewed the subrecipient audit reports. Identification as a Repeat Finding: Not applicable. Recommendation: Accountability Lab should implement a "Review of Subrecipient Audit" form, to be completed annually for each subrecipient that receives U.S. Government funding. The form should document a) the subrecipient's name; b) the annual amount of U.S. Government funds expended by the subrecipient; c) whether the subrecipient was subject to a U.S. Government compliance audit under 2 CFR 200 Subpart F; and d) Accountability Lab's formal review of the audit report as well as its conclusions and follow up on any reported findings, if applicable.
Finding 2023-002: Subrecipient Monitoring - Review of Audit Reports Information on the Federal Program: Assistance Listing Numbers 19.705 and 19.345 Criteria: As stated in 2 CFR 200.332(f), all pass-through entities must verify that every subrecipient is audited as required by 2 CFR 200 Subpart F when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold for triggering such an audit. Condition: We were unable to determine whether Accountability Lab performed procedures to verify whether or not its subrecipients were subject to a compliance audit in accordance with 2 CFR 200 Subpart F. Cause: Accountability Lab does not have a formal/regularized process in place to monitor subrecipient audit requirements. Effect: Accountability Lab's current practices do not provide sufficient documentation to demonstrate its compliance with the requirements to obtain and review subrecipient audit reports. Questioned Costs: None noted. Context: Our audit work included three subrecipients across two major programs. For two out of the three subrecipients tested, we were not able to verify whether or not Accountability Lab obtained and reviewed the subrecipient audit reports. Identification as a Repeat Finding: Not applicable. Recommendation: Accountability Lab should implement a "Review of Subrecipient Audit" form, to be completed annually for each subrecipient that receives U.S. Government funding. The form should document a) the subrecipient's name; b) the annual amount of U.S. Government funds expended by the subrecipient; c) whether the subrecipient was subject to a U.S. Government compliance audit under 2 CFR 200 Subpart F; and d) Accountability Lab's formal review of the audit report as well as its conclusions and follow up on any reported findings, if applicable.
Finding 2023-002: Subrecipient Monitoring - Review of Audit Reports Information on the Federal Program: Assistance Listing Numbers 19.705 and 19.345 Criteria: As stated in 2 CFR 200.332(f), all pass-through entities must verify that every subrecipient is audited as required by 2 CFR 200 Subpart F when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold for triggering such an audit. Condition: We were unable to determine whether Accountability Lab performed procedures to verify whether or not its subrecipients were subject to a compliance audit in accordance with 2 CFR 200 Subpart F. Cause: Accountability Lab does not have a formal/regularized process in place to monitor subrecipient audit requirements. Effect: Accountability Lab's current practices do not provide sufficient documentation to demonstrate its compliance with the requirements to obtain and review subrecipient audit reports. Questioned Costs: None noted. Context: Our audit work included three subrecipients across two major programs. For two out of the three subrecipients tested, we were not able to verify whether or not Accountability Lab obtained and reviewed the subrecipient audit reports. Identification as a Repeat Finding: Not applicable. Recommendation: Accountability Lab should implement a "Review of Subrecipient Audit" form, to be completed annually for each subrecipient that receives U.S. Government funding. The form should document a) the subrecipient's name; b) the annual amount of U.S. Government funds expended by the subrecipient; c) whether the subrecipient was subject to a U.S. Government compliance audit under 2 CFR 200 Subpart F; and d) Accountability Lab's formal review of the audit report as well as its conclusions and follow up on any reported findings, if applicable.
Finding: Subrecipient Monitoring Federal Assistance Listing Number 21.023 COVID-19 Emergency Rental Assistance Program Department of Treasury Award Number - ERAE0226, Award Year 2021 Criteria: According to 2 CFR Part 200.332 - All pass through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and include various required information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. In addition, pass through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Finally, the pass through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, is in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition: During testing, we noted the following: - The Assistance Listings number and Title were not provided to the County's two subrecipients in accordance with 2 CFR Part 200.332(a) - The County did not have a formal documented risk assessment completed for either of the County's two subrecipients in accordance with 2 CFR Part 200.332(b) - The County did not obtain or review one of the subrecipients single audit reports in accordance with 2 CFR Part 200.332(f) Questioned costs: None. Context: We tested the County's two subrecipients receiving $1,075,000 in subrecipient awards for the year ended December 31, 2023 and noted the issues above. A non-statistical sampling methodology was used to select the sample. Effect: The subrecipient may be unaware whether the funds are federal or what compliance requirements they are responsible for following. In addition, The County may not perform the adequate level of monitoring as formal risk assessments were not completed. Finally, the County did not review the single audit report and while any finding would not directly be related to the subaward program, failure to review such reports and take appropriate action could result in non-compliance by the subrecipient continuing for an inappropriate length of time. Cause: The County does not have adequate internal controls over subrecipient monitoring to ensure that the County is in compliance with subrecipient monitoring requirements. Identification as a repeat finding: Not applicable. Recommendation: We recommend that the County develop a risk assessment template or form to be completed over each federal subrecipient. The County should provide training to those administering grants over the development risk assessment template or form and the associated monitoring to be performed based on each assessed risk. In addition, the County should develop a subrecipient grant template to help ensure all required information is included within each award. Finally, the County should establish a policy or procedure over obtaining and reviewing audits completed over each of their subrecipients. Views of responsible officials: The County agrees with the finding. See separate auditee document for planned corrective actions.
Finding Number: 2023-001 Internal Control over Compliance and Compliance with the Subrecipient Monitoring Compliance Requirement, Repeat Finding, Finding No. 2022-001 Identification of the Major Federal Program: Programs: Government Agency: Inclusion Across the Nation of Communities of Learners of Underrepresented Discoverers in Engineering and Science Assistance Listing Number: 47.076 Award Number: HRD-1834540 Award Years: 09/01/2018 – 02/28/2025 PhysTEC: Building a Solution to the National Physics Teacher Shortage Assistance Listing Number: 47.049 Award Number: PHY-1707990 Award Years: 07/01/2017 – 06/30/2023 National Science Foundation (NSF) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with the Uniform Guidance in 2 CFR Section 200.331, a pass-through entity (PTE) must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. reviewing financial and programmatic (performance and special reports) required by the PTE; 2. following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means; 3. issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Furthermore, under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Public Law 110-252, hereafter referred as the “Transparency Act” that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). If a subaward/subcontract was subject to reporting under the Transparency Act, the action was required to be reported in FSRS no later than the last day of the month following the month in which the subaward/subcontract amendment obligation was made or in the subcontract award/subcontract modification was made. Conditions – Our examination of the program’s subrecipient monitoring requirements includes the review and approval of financial and performance quarterly reports by the program managers. The quarterly reports are prepared by APS’ grants administrator with inputs provided by the subrecipient submitted to the program managers. Of the program’s twenty (20) subrecipients, we examined eight (8) subrecipients and observed that although the respective program managers had monitoring oversight of the various grant’s financial and programmatic activities, there was no formal evidentiary documentation to support the monitoring oversight process performed by the program managers. Furthermore, our examination of the program’s subrecipient monitoring requirements includes follow-ups by APS to ensure the subrecipients take timely and appropriate action on all deficiencies pertaining to federal awards provided to the subrecipients which have been detected through reviews of audits, on-site reviews, and other means. We selected six (6) subrecipients for testing and noted that for two (2) samples selected APS was unable to provide evidence that it monitored the subrecipients through review of its single audit reports, on-site reviews, and other means. We also tested a sample of three (3) subrecipients and our examination of the monitoring and reporting requirements revealed that APS did not report the information on a subaward of $30,000 or more in federal funds timely and on one (1) of the sub awards reported, the contract award amount reported is less than the actual expenditures incurred by the subrecipient. APS began implementation of its corrective action plan on June 5, 2023, and the exceptions identified above is as a result of the fact that APS was still in the implementation process of its corrective action plan. Cause - Management does not have adequate internal controls and policies and procedures in place to ensure that a review is performed on the financial and programmatic reports in a timely manner and to ensure that its subrecipients do not have any audit deficiencies relating to federal award programs and if any deficiencies are detected, that the subrecipients takes timely and appropriate action to resolve the deficiencies identified. There is also a lack of established monitoring and internal control procedures in place to ensure that reports required under the Transparency Act are prepared and submitted timely in FSRS Reporting System resulted in APS’ noncompliance with the reporting requirements. Effect or potential effect – APS is not in compliance with the subrecipient monitoring requirements as it did not maintain consistent documented evidence of its monitoring of subrecipients. In addition, failure to comply with the reporting requirements of the Uniform Guidance could result in the awarding agency taking action such as reducing future funding. Questioned Costs – None. Context – These are conditions identified per review of APS compliance with specified compliance requirements using a statistically valid sample. Recommendations – BDO recommends that APS continue to apply the implemented policies, procedures and controls that will ensure that all requisite reports are reviewed, and evidence of review are documented and maintained. Furthermore, APS should continue to implement policies to obtain and review single audit reports of its subrecipients in order to ensure compliance with all the required laws, guidelines and requirement under the award. BDO recommends that APS continues to implement established policies and procedure over the preparation and timely submission of reports required under the Transparency Act to ensure compliance with reporting requirements. Views of Responsible Officials - APS concurs with this finding. APS’ corrective action is described in the Management’s Corrective Action Plan included below.
Finding Number: 2023-001 Internal Control over Compliance and Compliance with the Subrecipient Monitoring Compliance Requirement, Repeat Finding, Finding No. 2022-001 Identification of the Major Federal Program: Programs: Government Agency: Inclusion Across the Nation of Communities of Learners of Underrepresented Discoverers in Engineering and Science Assistance Listing Number: 47.076 Award Number: HRD-1834540 Award Years: 09/01/2018 – 02/28/2025 PhysTEC: Building a Solution to the National Physics Teacher Shortage Assistance Listing Number: 47.049 Award Number: PHY-1707990 Award Years: 07/01/2017 – 06/30/2023 National Science Foundation (NSF) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with the Uniform Guidance in 2 CFR Section 200.331, a pass-through entity (PTE) must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. reviewing financial and programmatic (performance and special reports) required by the PTE; 2. following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means; 3. issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Furthermore, under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Public Law 110-252, hereafter referred as the “Transparency Act” that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). If a subaward/subcontract was subject to reporting under the Transparency Act, the action was required to be reported in FSRS no later than the last day of the month following the month in which the subaward/subcontract amendment obligation was made or in the subcontract award/subcontract modification was made. Conditions – Our examination of the program’s subrecipient monitoring requirements includes the review and approval of financial and performance quarterly reports by the program managers. The quarterly reports are prepared by APS’ grants administrator with inputs provided by the subrecipient submitted to the program managers. Of the program’s twenty (20) subrecipients, we examined eight (8) subrecipients and observed that although the respective program managers had monitoring oversight of the various grant’s financial and programmatic activities, there was no formal evidentiary documentation to support the monitoring oversight process performed by the program managers. Furthermore, our examination of the program’s subrecipient monitoring requirements includes follow-ups by APS to ensure the subrecipients take timely and appropriate action on all deficiencies pertaining to federal awards provided to the subrecipients which have been detected through reviews of audits, on-site reviews, and other means. We selected six (6) subrecipients for testing and noted that for two (2) samples selected APS was unable to provide evidence that it monitored the subrecipients through review of its single audit reports, on-site reviews, and other means. We also tested a sample of three (3) subrecipients and our examination of the monitoring and reporting requirements revealed that APS did not report the information on a subaward of $30,000 or more in federal funds timely and on one (1) of the sub awards reported, the contract award amount reported is less than the actual expenditures incurred by the subrecipient. APS began implementation of its corrective action plan on June 5, 2023, and the exceptions identified above is as a result of the fact that APS was still in the implementation process of its corrective action plan. Cause - Management does not have adequate internal controls and policies and procedures in place to ensure that a review is performed on the financial and programmatic reports in a timely manner and to ensure that its subrecipients do not have any audit deficiencies relating to federal award programs and if any deficiencies are detected, that the subrecipients takes timely and appropriate action to resolve the deficiencies identified. There is also a lack of established monitoring and internal control procedures in place to ensure that reports required under the Transparency Act are prepared and submitted timely in FSRS Reporting System resulted in APS’ noncompliance with the reporting requirements. Effect or potential effect – APS is not in compliance with the subrecipient monitoring requirements as it did not maintain consistent documented evidence of its monitoring of subrecipients. In addition, failure to comply with the reporting requirements of the Uniform Guidance could result in the awarding agency taking action such as reducing future funding. Questioned Costs – None. Context – These are conditions identified per review of APS compliance with specified compliance requirements using a statistically valid sample. Recommendations – BDO recommends that APS continue to apply the implemented policies, procedures and controls that will ensure that all requisite reports are reviewed, and evidence of review are documented and maintained. Furthermore, APS should continue to implement policies to obtain and review single audit reports of its subrecipients in order to ensure compliance with all the required laws, guidelines and requirement under the award. BDO recommends that APS continues to implement established policies and procedure over the preparation and timely submission of reports required under the Transparency Act to ensure compliance with reporting requirements. Views of Responsible Officials - APS concurs with this finding. APS’ corrective action is described in the Management’s Corrective Action Plan included below.