Condition: During our test of (2) expenditures totaling $332,735, for the Coronavirus State and Local Fiscal Recovery Funds, it was noted the County did not have a subrecipient monitoring policy and did not obtain subrecipient agreements from its two (2) subrecipients comparing the following information: • Subrecipient name. • Subrecipient Authorized Representative and program contact information. • Subrecipient Employee Identification Number (EIN) and Data Universal Numbering System (DUNS) number. • Federal Award Identification Number (FAIN). • Name of Federal Awarding Agency. • Contact information for the official at the Federal Awarding Agency. • Catalog of Assistance Listing (AL) number and name. • Federal award date. • Total amount of the federal award and indirect cost rate. • Federal award project description. • Start and end date of the agreement. • Amount of federal funds budgeted for the agreement and indirect cost rate allowed. • A statement that all activities must be in accordance with federal statutes, regulations, and terms and conditions of the federal award. The subrecipient should receive a copy of the award documents. • A detailed description of any additional requirements you want the subrecipient to be responsible for such as performance and/or financial reports, attending meetings and/or trainings, etc. • A statement about the monitoring activities, such as where/when they will take place; also include a statement indicating the subrecipient will collaborate on monitoring activities including providing requested financial documents. • A statement indicating if any of the items in the agreement change during the period of performance, the agreement will be amended. • Provide close out terms and conditions. Cause of Condition: Policies and procedures have not been designed and implemented to ensure federal expenditures are made in accordance with compliance requirements. Effect of Condition: This condition resulted in noncompliance with grant requirements. Recommendation: OSAI recommends the County gain an understanding of the requirements for this program and implement internal controls to ensure compliance with these requirements. Management Response: Chairman of the Board of County Commissioners: This issue originated under the prior County Clerk’s administration where key reporting processes were not followed. The Board of County Commissioners and the other elected officials have made correcting this a top priority. Together, we are: • developing a comprehensive SOP to ensure accurate and timely tracking and reporting of Federal funds, • improving communication and oversight between all county offices to ensure consistent reporting standards, • and ensuring annual compliance with federal reporting requirements. Our collective goal is to implement the policies and structures that will keep Osage County operating with the highest standard of accountability and excellence County Clerk: I was not the County Clerk in office at this time. To correct this issue, the County plans to develop a SOP to timely and accurately track and report on Grants and Awards. The SOP will be reviewed, adopted, and monitored by the Board of County Commissioners. Criteria: 2 CFR 200, §200.332 Requirements for Pass-Through Entities states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award. (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part. (6) Appropriate terms and conditions concerning closeout of the subaward.
2024-007 Federal Agencies: U.S. Department of Agriculture Federal Program Names: The Child Nutrition Cluster: National School Lunch Program Summer Food Service Program Child and Adult Care Food Program Assistance Listing Numbers: 10.555 10.559 10.558 Pass-Through Agency: Commonwealth of Pennsylvania, Department of Education Pass-Through Number: 359-46-477-8 Award Period: July 1, 2023 through June 30, 2024 Type of Finding: • Material Weakness in Internal Control over Compliance Criteria: Under 2 CFR 200.332(d), pass-through entities must monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes and in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. Additionally, Child and Adult Care Program (CACFP), National School Lunch Program (NSLP) and Summer Food Service Program (SFSP) monitoring requirements established by the Pennsylvania Department of Education (PDE) require CBS Food Program to conduct meal observation reviews at each contracted center every six months, including at least two unannounced visits, and maintain documentation of such reviews. Condition: During our testing of subrecipient monitoring activities for PDE programs CACFP, NLSP, and SFSP, we selected 31 contracted centers at random. Management provided documentation for each site, including contracts, meal pattern usage records, licensure and training documentation, and both announced and unannounced meal observation reviews. However, we found that CBS Food Program did not always maintain sufficient evidence to prove required monitoring was performed under the CACFP program. For one center, management could not produce proof that meal observation reviews or the mandated two unannounced visits occurred. At another center, neither a contract nor any meal observation review records, including the two required unannounced visits, could be provided. For the NLSP and SFSP, management was unable to provide contracts for any of the seven sampled centers. Additionally, there was no evidence of training for one center, and a second center had a noncompliant monitoring visit; although corrective action was prepared, follow-up occurred only after 66 days instead of within the required 45-day window. Questioned Costs: None Cause: Management did not maintain sufficient internal controls to ensure required monitoring documentation was consistently obtained, retained, and reviewed for each contracted center. In some cases, monitoring activities may not have been performed, or they were completed but not properly documented. Effect: Failure to perform and/or document required monitoring procedures increases the risk that contracted centers may not comply with PDE CACFP, NLSP and SFSP requirements, potentially resulting in: • Noncompliance with federal monitoring requirements • Inaccurate or unsupported program reimbursements • Risk of disallowed costs or questioned costs under the PDE CACFP, NLSP, and SFSP grants • Inability to demonstrate program oversight during audits Recommendation: We recommend that management strengthen internal controls to ensure all required PDE CACFP, NLSP and SFSP subrecipient monitoring activities, including scheduled meal observations and the mandated unannounced visits—are consistently performed, documented, and retained. Management should implement a centralized tracking system to monitor review deadlines, required follow up actions, and receipt of supporting documentation from each contracted center. In addition, staff responsible for monitoring should receive periodic refresher training on PDE CACFP, NLSP and SFSP specific expectations. Finally, management should conduct periodic internal reviews to verify that monitoring documentation is complete, compliant, and appropriately maintained. Views of Responsible Officers and Corrective Action Plan: Please refer to Community Benefit Solutions dba CBS Food Program’s Corrective Action Plan.
Reference Number: 2024-016 Prior Year Finding: 2023-011 Federal Agency: U.S Department of the Treasury U.S. Department of Education State Agency: Department of Education Federal Program: COVID-19 - Coronavirus State and Local Fiscal Recovery Funds (CSLFRF) COVID-19 – Education Stabilization Fund (ESF) Assistance Listing Number: 21.027 84.425 C, D, R, U, V, W Award Number and Year: CSLFRF: 2021 ESF: S425C210002, 2021-2023 S425D210005, 2021-2023 S425R210006, 2021-2023 S425U210005, 2021-2024 S425V210006, 2022-2024 S425W210021, 2021-2024 Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: Per 2 CFR 200 section 200.332 (a)1 (ii) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes required federal award information at the time of the subaward. If any of the data elements change, include the changes in subsequent subaward modifications. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Subrecipient's unique entity identifier. Per 2 CFR 200 section 200.332 (a)1(d) a non-Federal entity should monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Internal Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Education (Department) was unable to provide documentation that it had subrecipient monitoring procedures in place, nor that monitoring activities were performed. The Department also did not include all required information in subawards it issued to subrecipients. The Department’s 2023 corrective action plan noted that resolution of the finding would not be until FY 2025. The auditor obtained the Department’s project monitoring plan and monitoring survey implemented during fiscal year 2025. Context: ESF: Twenty-nine subrecipients were selected for testing and the following exceptions were noted: • For 29 of 29 subrecipients selected for testing, the Department was unable to provide documentation that subrecipient monitoring procedures were in place nor that subrecipient monitoring was performed. • For 2 of 29 subrecipients selected for testing, the subrecipient’s unique identifier was not obtained. The subaward did not contain the required information nor did the Department provide documentation of obtaining the information for the subrecipient. CSLFRF: For seven of seven subrecipients selected for testing, the Department was unable to provide documentation that subrecipient monitoring procedures were in place nor that subrecipient monitoring was performed. Cause: The subawards for non-public schools did not contain the required information, which was not identified during the review process. The Department’s 2023 corrective action plan noted that resolution of the finding would not be until FY 2025. The auditor obtained the Department’s project monitoring plan and monitoring survey implemented during fiscal year 2025. Effect: The Department is not in compliance with the grantor’s reporting requirements during the audit period. Questioned costs: None noted. Recommendation: We recommend that the Department continue to implement the sub recipient monitoring procedures and develop internal controls to ensure that the monitoring requirements are performed in a consistent and timely manner. Furthermore, the procedures should ensure that the documentation supporting compliance is maintained and readily available for review. We also recommend that the subawards contain all required federal award information. Views of responsible officials: Management agrees with the finding.
Finding 2024-007 U.S. Department of Health and Human Services Assistance Listing Number 93.137 – Community Programs to Improve Minority Health Grant Program Material Weakness and Noncompliance over Subrecipient Monitoring Repeat Finding: Yes, 2023-007, 2023-008, 2023-009 Criteria: A pass-through entity (PTE) must clearly identify to the subrecipient the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.331(a)(1); all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.331(a)(3)). A PTE must also evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)),and monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). Condition and Context: For 1 out of 1 selection, the City was not able to provide support showing evidence of the risk assessment performed prior to granting funds to the subrecipient and of the monitoring of the subrecipient during the year. Additionally, various information related to the funding source and the grant were missing on the memorandum of understanding (assistance listing number, federal department grantor, single audit requirements, etc.) Cause: The program has had significant employee turnover and there was a lack of documentation of these policies and procedures. Program management does not have knowledge of the process used to select subrecipients. Monitoring procedures performed were not documented and reports submitted by the subrecipients were not reviewed. Effect or Potential Effect: Failure to explicitly state federally-imposed requirements and regulations may result in noncompliance by the subrecipient. Selecting subrecipients without a formal evaluation process and performing minimal monitoring procedures increases the risk of noncompliance for the City and could lead to a loss of funding if the subrecipients are deemed noncompliant. Questioned Costs: Unknown. Recommendation: Program management should revise subaward agreements to specifically note the requirements and regulations of the Uniform Guidance, as noted in Section 200.331(a). Additionally, program management should develop standardized procedures for selecting and granting subawards. These procedures should be formalized and maintained for future reference. Brief minutes of progress meetings should be taken to show that monitoring is taking place. All reporting by the subrecipient should be reviewed by management of the program. Views of Responsible Officials: Management agrees with the finding. Refer to the Corrective Action Plan Section of this report.
State Agency: Illinois Governor’s Office of Management and Budget (GOMB) Federal Agency: U.S. Department of Agriculture (USDA), U.S. Department of Justice (DOJ), U.S. Department of Labor (DOL), U.S. Department of Transportation (DOT), U.S. Department of the Treasury (TREAS), U.S. Department of Education (USDE), U.S. Department of Health and Human Services (USDHHS), U.S. Department of Homeland Security (USDHS) Program Name: WIC Special Supplemental Nutrition Program for Women, Infants and Children, Cild and Adult Care Food Program (CACFP), Crime Victims Assistance Program (CVA), WIOA Cluster (WIOA), Highway Planning and Construction (Highway Planning), Coronavirus State and Local Fiscal Recovery Funds (SLFRF),Title I Grants to Local Educational Agencies (Title I), Special Education Cluster (IDEA), Twenty-First Century Community Learning Centers (Twenty-First Century), Supporting Effective Instruction State Grants (SEISG) Education Stabilization Fund (ESF), Aging Cluster, Epidemiology and Laboratory Capacity for Infectious Diseases (ELC), Temporary Assistance for Needy Families (TANF), Child Support Services, Low-Income Home Energy Assistance (LIHEAP), Child Care and Development Fund (CCDF) Cluster, Social Services Block Grant (SSBG), Block Grants for Prevention and Treatment of Substance Abuse (SAPT), Homeland Security Grant Program (Homeland Security) ALN and Program Expenditures: 10.557 ($181,526,312), 10.558 ($170,354,298), 16.575 ($53,095,634), 17.258/17.259/17.278 ($142,310,788), 20.205 ($2,192,857,212), 21.027 ($230,448,761), 84.010A ($696,900,040), 84.027/84.173 ($639,950,722), 84.287C ($61,131,992), 84.367A ($79,837,486), 84.425 ($2,176,294,000), 93.044/93.045/93.053 ($68,210,944), 93.323 ($94,269,102), 93.558 ($583,126,272), 93.563 ($135,029,923), 93.568 ($205,171,791), 93.575/93.596 ($747,612,292), 93.667 ($55,634,435), 93.959 ($114,897,412), 97.067 ($78,892,342) Award Numbers: Various – see table of award numbers Federal Award Year: Various – see table of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Finding 2024-002: Inadequate Monitoring of Subrecipient Single Audit Reviews Condition Found: The State of Illinois did not establish adequate controls to monitor the completion and documentation of the review of single audit reports for its subrecipients of the Special Supplemental Nutrition Program for Women, Infants, and Children (WIC), Child and Adult Care Food Program (CACFP), Crime Victims Assistance Program (CVA), WIOA Cluster (WIOA), Highway and Planning Construction (Highway), Coronavirus State and Local Fiscal Recovery Funds (SLFRF), Title I Grants to Local Education Agencies (Title I), Special Education Cluster (IDEA), Twenty-First Century Community Learning Centers (Twenty-First Century), Supporting Effective Instruction State Grants (SEISG), Education Stabilization Funds (ESF), Aging Cluster (Aging), Epidemiology and Laboratory Capacity for Infectious Diseases (ELC), Temporary Assistance for Needy Families (TANF), Child Support Services (CSS), Low-Income Home Energy Assistance (LIHEAP), Child Care and Development Fund (CCDF) Cluster, Social Services Block Grant (SSBG), Block Grants for Prevention and Treatment of Substance Abuse (SAPT), and Homeland Security Grant (Homeland Security) programs in the State's Grant Accountability and Transparency Act (GATA) Audit Report Review Management System (ARRMS). The State of Illinois established the Grant Accountability Transparency Unit (GATU) to implement the provisions of GATA on a centralized basis. GATU has established standardized reporting requirements for subrecipients of the various Federal programs administered by the State through its various departments. Subrecipients of the State are required to certify whether they expended more than $750,000 in federal awards during the fiscal year and submit their single audit reporting packages to the Federal Audit Clearinghouse (if required). GATU is then responsible for obtaining the single audit reporting package, verifying the report meets the single audit requirements, and assigning, to the applicable state agency, any findings attributable to amounts passed through to the subrecipient(s) by the State and working with program personnel to issue management decisions on findings. The State utilizes a contractor to perform the centralized functions of obtaining the single audit report, verifying the report meets the requirements, and assigning findings to the applicable State agency. During our testing of subrecipient single audit desk review files for our 2024 major programs, we noted instances where single audit desk reviews were still in process and had not been finalized within GATA ARRMS as of the date of our testing (July 10, 2025). Upon further review of data contained within GATA ARRMS, we identified 637 single audit reviews were identified as incomplete in GATA ARRMS for grantees who: (1) reported expenditures under fiscal year 2024 major programs, (2) had an audit report with a Federal Audit Clearinghouse acceptance date between January 2, 2023 and January 2, 2024 (requiring the report to be reviewed during fiscal year 2024) and (3) were not sanctioned (placed on the Illinois Stop Payment List) by the State for noncompliance with reporting requirements. These 637 reviews were in varying stages of completion with the majority (587 audits) pending documentation supporting the issuance of a final completion letter by the cognizant agency. The remaining 50 audits (7.8%) were pending receipt of documentation, pending a review, or had another error requiring follow-up. These 637 audits included 295 audits (46.3%) with one or more findings potentially requiring a management decision to be issued. We noted the cognizant agencies for the 637 incomplete single audit reviews in GATA ARRMS were as follows: "See Table in the Audit Report" The 637 incomplete single audit reviews in GATA ARRMS pertained to subrecipients of the following major programs: "See Table in the Audit Report" While in many instances there was evidence the State agencies had completed the necessary procedures outside of GATA ARRMS, the purpose of GATA ARRMS is to reduce the duplication of effort across State agencies and to provide a single submission point for the State’s subrecipients. The lack of monitoring controls around this centralized process may result in noncompliance with subrecipient single audit desk review requirements. The State’s subrecipient expenditures under the federal programs for the year ended June 30, 2024 were as follows: "See Table in the Audit Report" Criteria or Requirement: According to 2 CFR 200.332(d), a pass-through entity is required to monitor the activities of subrecipients as necessary to ensure the federal awards are used for authorized purposes in compliance with laws, regulations, and the provisions of contracts or grant agreements and that performance goals are achieved. Further, 2 CFR 200.332(d)(3) and 2 CFR 200.521 state that a pass-through entity is required to issue a management decision on audit findings within six months of acceptance of the audit report by the FAC and ensure that the subrecipient takes timely and appropriate corrective action on all audit findings. In addition, 2 CFR 200.303 requires nonfederal entities to, among other things, establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include implementing procedures to monitor whether single audit reports are reviewed, management decision letters are issued, and single audit desk review files are closed out in GATA ARRMS in a timely manner. Cause: In discussing these conditions with GOMB officials, management stated that the incompleteness of the State’s audit reviews in GATA ARRMS was due to oversight. Possible Asserted Effect: Failure to complete and document reviews of subrecipient single audit reports in GATA ARRMS in a timely manner may result in noncompliance with the State’s obligation as a pass-through entity to appropriately monitor its subrecipients. Repeat Finding: A similar finding was reported in the prior year audit as finding number 2024-002. (Finding Code 2024-002, 2023-002) Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend GOMB establish procedures to monitor the completion and documentation of single audit report reviews in GATA ARRMS to ensure the State complies with its obligation as a pass-through entity. Views of GOMB Officials: GOMB agrees with the finding.
State Agency: Illinois Department of Human Services (IDHS) Federal Agency: U.S. Department of the Treasury (TREAS) Program Name: COVID-19 – Coronavirus State and Local Fiscal Recovery Funds ALN and Program Expenditures: 21.027 ($230,448,761) Award Numbers: Various – see table of award numbers Federal Award Year: Various – see table of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Finding 2024-004: Inadequate Monitoring of Subrecipients of the CSLFRF Program Condition Found: Coronavirus State and Local Fiscal Recovery Funds (CSLFRF) program during the year ended June 30, 2024. Multiple State agencies are involved in awarding, expending, and administering funding under the CSLFRF program in Illinois. As a result, each State agency is responsible for monitoring the subrecipients they award CSLFRF funding. As a pass-through entity of the CLSFRF program, IDHS was responsible for: • Identifying the awards and applicable requirements, • Evaluating each subrecipient’s risks of noncompliance for purposes of determining the appropriate monitoring procedures related to the subaward, • Monitoring the activities of each subrecipient as necessary to ensure the subaward is used for authorized purposes, the subrecipients comply with the terms and conditions of the subawards, and the subrecipients achieve performance goals, and • Issuing a management decision for audit findings pertaining to the federal award provided to each subrecipient, if applicable. IDHS requires CSLFRF subrecipients to provide periodic performance reports which contain performance measures and program accomplishments to permit IDHS to monitor CSLFRF program results. During our testing of documentation provided by IDHS for 28 CSLFRF grantees (with expenditures of $23,703,366), IDHS could not provide evidence periodic performance reports were obtained or reviewed during the audit period by IDHS for 26 of the subrecipients tested. Because the CSLFRF program funds a variety of State programs operated by various program areas and bureaus within IDHS, we noted a variety of report templates were received and methods were used to document reviews. Accordingly, we noted the date certain periodic performance reports were received and reviewed by IDHS could not be validated as they were documented electronically in a spreadsheet which can be modified. Amounts passed through by IDHS to CSLFRF subrecipients totaled $28,591,405 during the year ended June 30, 2024. Criteria or Requirement: According to 2 CFR 200.332(c), a pass-through entity must evaluate each subrecipient's risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. According to 2 CFR 200.332(e), a pass-through entity is required to monitor the activities of subrecipients as necessary to ensure that federal awards are used for authorized purposes in compliance with laws, regulations, and the provisions of contracts or grant agreements and that performance goals are achieved. 2 CFR 200.332(e)(3) requires pass-through entities to issue management decisions for applicable audit findings pertaining to the federal awards provided to the subrecipient and 2 CFR 200.332(e)(4) requires pass through entities to resolve audit findings through corrective action plans (CAP). In addition, 2 CFR 200.303 requires non-Federal entities receiving Federal awards to establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include performing monitoring procedures in accordance with Uniform Guidance and program requirements. Cause: In discussing these conditions with IDHS officials, management stated IDHS was unable to produce all requested Periodic Performance Reports (PPR) and evidence of review due to inconsistency in applied procedures, staffing changes, and the lack of a central repository. Possible Asserted Effect: Failure to adequately monitor subrecipients may result in the subrecipient not properly administering the federal program in accordance with laws, regulations, and the grant agreement. Repeat Finding: 2024-004, 2023-018) Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend IDHS implement subrecipient monitoring procedures in accordance with federal regulations. Views of IDHS Officials: The Department accepts the recommendation. IDHS recognizes the importance of performance monitoring and will implement additional controls to ensure evidence is maintained to support that PPRs are obtained from subrecipients and are appropriately reviewed by IDHS.
State Agency: Illinois Department of Human Services (IDHS) Federal Agency: U.S. Department of Health and Human Services (USDHHS) Program Name: Temporary Assistance for Needy Families, Child Care Development Fund (CCDF) Cluster, Social Services Block Grant, Block Grants for Prevention and Treatment of Substance Abuse ALN and Program Expenditures: 93.558 ($583,126,272), 93.575/93.596 ($747,612,292), 93.667 ($55,634,435), 93.959 ($114,897,412) Award Numbers: Various – see table of award numbers Federal Award Year: Various – see table of award numbers Questioned Costs: Cannot be determined Compliance Requirement: Subrecipient Monitoring Finding 2024-007: Failure to Follow Established Program Subrecipient Monitoring Procedures Condition Found: IDHS did not follow its established program monitoring policies and procedures for subrecipients of the Temporary Assistance for Needy Families (TANF), Child Care Development Fund Cluster (CCDF), Social Services Block Grant (SSBG), and Block Grants for Prevention and Treatment of Substance Abuse (SAPT) programs. IDHS has implemented procedures whereby program staff perform periodic program on-site and desk reviews of IDHS subrecipient compliance with regulations applicable to the federal programs administered by IDHS. IDHS also has implemented procedures whereby staff perform periodic on-site and desk reviews of IDHS subrecipient compliance with fiscal and administrative requirements applicable to multiple State and federal programs. Generally, these reviews are formally documented and include the issuance of a report of the review results to the subrecipient summarizing the procedures performed, results of the procedures, and any findings or observations for improvement noted. IDHS’s policies require the subrecipient to respond to each finding by providing a written corrective action plan. Additionally, IDHS program staff perform reviews of expenditure reports submitted by subrecipients. IDHS subrecipient monitoring procedures are subject to the review and approval of a supervisor. During our test work over program on-site review procedures performed for 82 subrecipients of the TANF, CCDF, SSBG, and SAPT programs, we noted IDHS did not follow its established program monitoring procedures as follows: We tested the program on-site review procedures and fiscal administrative review procedures performed by IDHS during the year ended June 30, 2024 for a sample of subrecipients of the TANF, CCDF, SSBG, and SAPT programs comprised of the following: "See Table in the Audit Report" We noted the following exceptions in our testing of program on-site reviews performed during the year ended June 30, 2024: ● IDHS did not perform on-site monitoring reviews of subrecipients in fiscal year 2024 in accordance with IDHS’ planned monitoring schedule and/or could not provide support for the review. Specifically, we noted the following exceptions: "See Table in the Audit Report" ● IDHS did not provide timely notification (within 60 days) of the results of the programmatic on-site reviews. We noted the following exceptions: "See Table in the Audit Report" ● IDHS did not complete their quality review on a timely basis (within 60 days). We noted the following exceptions: "See Table in the Audit Report" ● IDHS did not receive a corrective action plan from the subrecipient after findings were identified during the review. We noted the following exceptions: "See Table in the Audit Report" During our testing of 31 fiscal and administrative reviews performed for subrecipients of all IDHS’ federal and State programs, we noted IDHS did not provide timely notification (within 180 days) of the results of the fiscal and administrative reviews. Specifically, we noted the delays in the reporting of results to two subrecipients tested ranged from 32 days to 50 days. IDHS could not provide documentation evidencing communication or follow up being performed for these subrecipients during the extended review period. In addition, we noted the SAPT program requires subrecipients to submit periodic reports to allow IDHS to monitor certain programmatic performance metrics. These reports are reviewed quarterly by IDHS program personnel. Any subrecipients who meet less than 80% of the performance metrics reported are also required to submit a corrective action plan to IDHS. During our testing, we noted IDHS was unable to provide documentation evidencing monitoring of the quarterly program reports for our sample of 25 subrecipients (with expenditures of $52,116,654 during the year ended June 30, 2024). Further, IDHS did not have adequate policies or procedures to ensure fiscal and administrative reviews were completed timely to detect potential non-compliance. Criteria or Requirement: According to 2 CFR 200.332(d), a pass-through entity is required to monitor the activities of subrecipients as necessary to ensure that federal awards are used for authorized purposes in compliance with laws, regulations, and the provisions of contracts or grant agreements and that performance goals are achieved. According to 2 CFR 200.332(b), a pass-through entity must evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. In addition, 2 CFR 200.303 requires nonfederal entities to, among other things, establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include ensuring on-site program procedures and expenditure reviews are performed in a timely manner and adequate documentation is maintained. Cause: In discussing these conditions with IDHS officials, management stated that the deficiencies noted are due to a combination of factors including operational constraints due to staffing, oversight, system transitions, and a need to strengthen governance over timeliness, monitoring and documentation controls. Possible Asserted Effect: Failure to adequately perform and document program on-site monitoring reviews of subrecipients and notify subrecipients of findings in a timely manner may result in subrecipients not properly administering the Federal programs in accordance with laws, regulations, and the grant agreement. Failure to properly review subrecipient expenditures may result in inaccurate payments or unallowable costs. Repeat Finding: A similar finding was reported in the prior year audit as finding number 2023-010. (Finding Code 2024-007, 2023-010, 2022-008, 2021-017, 2020-015, 2019-013, 2018-012, 2017-013, 2016-012, 2015-011, 2014-008, 2013-009, 12-07, 11-09) Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend IDHS ensure programmatic on-site and expenditure report reviews are performed and documented for subrecipients in accordance with established policies and procedures. In addition, we recommend IDHS review its process for reporting and following up on program findings relative to subrecipient on-site reviews to ensure timely corrective action is taken. Views of IDHS Officials: The Department accepts the recommendation. IDHS will work to ensure programmatic on-site and expenditure report reviews are completed and documented in accordance with policies and procedures and review its process for reporting and follow up on program findings resulting from on-site reviews. IDHS will continue to work to fill vacancies, administer training programs, increase oversight, develop automated processes, and revise procedures to improve internal controls over these functions.
State Agency: Illinois State Board of Education (ISBE) Federal Agency: U.S. Department of Education (USDE) Program Name: Twenty-First Century Community Learning Centers (21st Century) ALN and Program Expenditures: 84.287 ($61,131,992) Award Numbers: Various – see table of award numbers Federal Award Year: Various – see table of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Finding 2024-025: Inadequate Monitoring of 21st Century Subrecipients Condition Found: ISBE did not adequately monitor and document program monitoring procedures performed over subrecipients of the 21st Century Community Learning Centers (21st Century) program. The 21st Century program operates to provide State educational agencies and local educational agencies (LEAs) with funding specific to rural and inner-city public schools. To monitor the 21st Century program activities performed by Illinois elementary and secondary schools, ISBE has established Tier I, Tier II, and Tier III monitoring activities which are applied to each subrecipient (LEA or school district) depending upon the annual risk score determined by ISBE. ISBE’s 21st Century program subrecipient monitoring manual outlines the risk assessment procedures to determine the tier of monitoring required, the methods used for tier determination, and documentation required for each tier of monitoring. Because the size and scope of each subrecipient can vary greatly, ISBE has further subdivided subrecipients into cohorts and sites (individual schools) for purposes of applying certain monitoring procedures. Tier I subrecipient monitoring procedures apply to all subrecipients, with no consideration of the risk assessment score they have received and consist of a twice-a-year call in which ISBE personnel discuss enrollment and registration statistics, progression towards goals specific to the district, and budgetary changes. A notification email is sent twice a year, alerting the subrecipient that a call is required to be scheduled. Once the call is scheduled, a call form detailing the responses to the discussion points is completed by ISBE personnel during the call to evidence the call was conducted and any matters for follow up. documentation provided by the subrecipient to address each portion of review. ISBE documents the completion of its desk review procedures with a letter to the subrecipient communicating any noncompliance and requesting corrective action, if applicable. Any required corrective action plans are reviewed and formally accepted by ISBE in a letter to the subrecipient. Tier III applies to specific subrecipient sites who receive a high-risk assessment score and consists of an on-site review including interviews with the project director and site coordinators, and observations of the academics and academic enrichment taking place at each site. ISBE personnel complete monitoring checklists to evidence the completion of its on-site procedures and a summary checklist is completed after the on-site visit to summarize all areas of noncompliance. A letter is sent to the subrecipient communicating the completion of the on-site review, any noncompliance, and requesting corrective action, if applicable. Any required corrective action plans are reviewed and formally accepted by ISBE in a letter to the subrecipient. During the year ended June 30, 2024, ISBE identified 33 Tier III high-risk subrecipients (with expenditures totaling $36,676,176) which included 47 total subrecipient sites required to have on-site reviews performed. During our testing of seven high risk subrecipient sites selected for testing (related to seven subrecipients with expenditures totaling $15,207,297), we noted ISBE was unable to provide documentation evidencing on-site reviews were performed for five of the subrecipient sites samples. We also noted documentation was not available to evidence the reviews of the other two subrecipient sites sampled were completed as ISBE could not locate documentation of the procedures performed, conclusions reached, or communication of the review results to the subrecipient sites. In addition, we noted ISBE’s internal controls over subrecipient on-site monitoring are not designed at an appropriate level of precision to ensure monitoring of subrecipients is completed, documented, and retained as required by ISBE policies and procedures. ISBE passed through approximately $59,630,722 to 78 subrecipients of the 21st Century program during the year ended June 30, 2024. Criteria or Requirement: According to 2 CFR 200.332(d), a pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations and the terms and conditions of the subaward, and that the subaward performance goals are achieved. According to 2 CFR200.332(b), a pass-through entity must evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. Additionally, 2 CFR 200.303 requires non-Federal entities receiving Federal awards to establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include establishing supervisory procedures at an appropriate level of precision to ensure adequate monitoring is performed and documentation is maintained. Cause: In discussing these conditions with ISBE officials, they stated the inability to provide required documentation is attributable to staff turnover as those responsible for these monitoring activities have since left ISBE. Possible Asserted Effect: Failure to perform required monitoring procedures and maintain documentation may result in subrecipients not properly administering the Federal programs in accordance with laws, regulations, and grant agreements. Repeat Finding: A similar finding was reported in the prior year audit as finding number 2023-045. (Finding Code 2024-025, 2023-045) Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation:We recommend ISBE establish policies and procedures to ensure programmatic monitoring is performed and appropriately documented. Views of ISBE Officials: Management agrees with the finding and has developed processes and structures to correct it.
State Agency: Illinois Department of Transportation (IDOT) Federal Agency: U.S. Department of Transportation Program Name: Highway Planning and Construction (HPC) Program ALN and Program Expenditures: 20.205 ($2,192,857,212) Award Numbers: Various – see table of award numbers Federal Award Year: Various – see table of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Finding 2024-041: Failure to Communicate Award Information to Subrecipients Condition Found: IDOT did not follow its established policies and procedures for monitoring subrecipients of the Highway Planning and Construction program. During our testwork of the award communications for our sample of subrecipients, we selected the contracts under which funds were disbursed during fiscal year 2024 to review for compliance with federal award communication requirements. During our review of the award communication files for a sample of 30 awards (related to subrecipient expenditures of $46,016,588), we noted the following information was not communicated in the subrecipient award agreement for three subrecipients sampled (with payments totaling $742,559): • Federal Award Identification Number (FAIN) • Assistance Listing Number (ALN) • Subaward Period of Performance Start and End Date • Subrecipient’s Unique Entity Identifier Amounts passed through to subrecipients under the Highway Planning and Construction program totaled $94,970,638 during the year ended June 30, 2024. Criteria or Requirement: According to 2 CFR 200.332(a), a pass-through entity is required to identify Federal awards made to the subrecipient by informing each subrecipient of required information. In addition, 2 CFR 200.303 requires nonfederal entities to, among other things, establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include controls to ensure required information is properly communicated. Cause: In discussing these conditions with IDOT officials, they stated there are two separate causes for this finding. For two of the agreements, the FAIN and ALN were overlooked when drafting the agreement. In these instances, it was employee oversight. For the final agreement noted, elements were missing from the template at that time, and IDOT was unaware of any requirements to have the CFDA# (ALN), DUNS number (UEI), or single audit included in the agreement as it was executed in 2002. Possible Asserted Effect: Failure to communicate required award information may result in subrecipients not properly administering the Federal programs in accordance with laws, regulations, and the grant agreement. Repeat Finding: A similar finding was not reported in the prior year audit. (Finding Code 2024-041) Recommendation: We recommend IDOT implement additional procedures to ensure award information communicated to subrecipients is reviewed for completeness and accuracy. Views of IDOT Officials: IDOT agrees with the finding.
State Agency: Illinois Criminal Justice Information Authority (ICJIA) Federal Agency: U.S. Department of Justice (USDOJ) Program Name: Crime Victim Assistance ALN and Program Expenditures: 16.575 ($53,095,634) Award Numbers: Various – see table of award numbers Federal Award Year: Various – see table of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Finding 2024-042: Failure to Adequately Monitor Subrecipients Condition Found: ICJIA did not follow its established program monitoring policies and procedures for subrecipients of the Crime Victim Assistance (CVA) program during fiscal year 2024. ICJIA selects subrecipients of the CVA program to perform programmatic monitoring procedures using a risk-based approach. Among other things, ICJIA has identified subrecipients receiving CVA funding under shorter term programs (12 months or less in duration) as higher risk and requires an on-site review to be performed once during the period of performance. Additionally, longer term programs (12 to 36 months in duration) require an on-site review in the first twelve months of the period of performance and a second on-site review during the remaining period of performance. In scheduling the timing of its on-site reviews, ICJIA considers whether there are any additional subrecipient specific risk factors that warrant an earlier review time. Based upon ICJIA’s monitoring criteria, we noted ICJIA should have conducted site visits for 51 subrecipients (with expenditures totaling $26,561,276) from longer term programs during the year ended June 30, 2024. During our review of the subrecipient site visits conducted during State fiscal year 2024, we noted 14 of the 51 subrecipients from longer term programs (with expenditures of $4,215,392 during the year ended June 30, 2024) were not subjected to site visits. Additionally, we noted three of the 51 reviews required to be performed during the year ended June 30, 2024 were not performed within the required time period. Specifically, we noted reviews for three subrecipients (with expenditures of $659,442) were performed 19 to 21 days late. ICJIA passed through $50,412,108 to subrecipients of the CVA program during the year ended June 30, 2024. Criteria or Requirement: According to 2 CFR 200.332(e), a pass-through entity is required to monitor the activities of subrecipients as necessary to ensure that federal awards are used for authorized purposes in compliance with laws, regulations, and the provisions of contracts or grant agreements and that performance goals are achieved. ICJIA’s Site Visits policy requires Grant Specialists to conduct two site visits within thirty-six months of the start of a grant with the first site visit taking place within the first twelve months, unless the grantee’s Program Risk Assessment requires that a site visit be completed within a shorter time period. In addition, 2 CFR 200.303 requires non-Federal entities to, among other things, establish and maintain internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include ensuring on-site program monitoring procedures are performed in a timely manner. Cause: In discussing these conditions with ICJIA officials, they stated due to staffing shortages within the federal and state grants unit, all of the required visits were not completed. Possible Asserted Effect: Failure to adequately perform on-site monitoring reviews of subrecipients may result in subrecipients not properly administering the Federal programs in accordance with laws, regulations, and the grant agreement. Repeat Finding: A similar finding was reported in the prior year audit as finding number 2023-033. (Finding Code 2024-042, 2023-033) Recommendation: We recommend ICJIA ensure programmatic on-site reviews are performed and documented for subrecipients in accordance with established policies and procedures. Views of ICJIA Officials: ICJIA acknowledges that these gaps in documentation and consistency contributed to the finding and has taken corrective actions to strengthen monitoring procedures, enhance documentation standards, and ensure timely follow-up with subrecipients.
State Agency: Illinois Criminal Justice Information Authority (ICJIA) Federal Agency: U.S. Department of Justice (USDOJ) Program Name: Crime Victim Assistance ALN and Program Expenditures: 16.575 ($53,095,634) Award Numbers: Various – see table of award numbers Federal Award Year: Various – see table of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Finding 2024-043: Inadequate Review of Subrecipient Single Audit Reports Condition Found: ICJIA did not adequately review single audit reports received from its subrecipients for the Crime Victim Assistance Program (CVA) program on a timely basis. The State of Illinois established the Grant Accountability and Transparency Unit (GATU) to implement the provisions of the State’s Grant Accountability and Transparency Act (GATA) on a centralized basis. GATU has established standardized reporting requirements for subrecipients of the various Federal and State programs administered by the State through its various departments. Subrecipients of the State are required to certify whether they expended more than $750,000 in federal awards during the fiscal year and submit their single audit reporting packages to the Federal Audit Clearinghouse (if required). GATU is then responsible for obtaining the single audit reporting package, verifying the report meets the single audit requirements, and assigning, to the applicable state agency, any findings attributable to amounts passed through to the subrecipient(s) by the State. As a State agency, ICJIA is responsible for reviewing the reports assigned to them by GATU and determining whether Federal funds reported in the consolidated year-end financial report (CYEFR) reconcile to ICJIA records. Additionally, as the cognizant State agency, ICJIA is responsible for issuing management decisions on findings reported and applying sanctions to subrecipients who do not comply with reporting requirements (i.e. stop pay process). During our testing of a sample of single audit desk review files for 14 subrecipients (with expenditures of $37,884,972 in the fiscal year), we noted the following: • For five subrecipients (with expenditures totaling $19,501,158), ICJIA did not issue a management decision letter in a timely manner. The delays in issuing management decision letters ranged from 61 to 128 days beyond the required timeframe. • For 11 subrecipients (with expenditures totaling $24,680,412), ICJIA did not reconcile the CYEFR to ICJIA’s records as required. As of the date we communicated our findings to ICJIA (January 27, 2026), ICJIA had still not reconciled the CYEFR to ICJIA’s records for 10 subrecipients (with expenditures totaling $24,097,663). • For one subrecipient (with expenditures of $295,572), the subrecipient single audit reporting package was not submitted within the required timeframe, and ICJIA did not follow up with the subrecipient or invoke the stop pay process. ICJIA has not established controls over subrecipient single audit reviews at an adequate level of precision to ensure single audit reporting requirements, including obtaining and reviewing single audit reporting packages, issuing management decision letters, reconciling CYEFRs to agency records, and invoking stop payment actions, are performed within required timeframes. ICJIA passed through $50,412,108 to subrecipients of the CVA program during the year ended June 30, 2024. Criteria or Requirement: According to 2 CFR 200.332(e), a pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations and the terms and conditions of the subaward, and that the subaward performance goals are achieved. Additionally, 2 CFR 200.332(e)(3) and 2 CFR 200.521 state that a pass-through entity is required to issue a management decision on federal awards audit findings within six months of the acceptance of the report by the Federal Audit Clearinghouse and ensure the subrecipient takes timely and appropriate corrective action on all audit findings. In addition, 2 CFR 200.303 requires non-Federal entities to, among other things, establish and maintain internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include procedures to ensure Single Audit reports are reviewed in a timely manner and management decisions are issued within required timeframes. Cause: In discussing these conditions with ICJIA officials, they stated this GATA responsibility has not been performed as consistently as other responsibilities due to competing priorities and staff shortages. Possible Asserted Effect: Failure to complete and document reviews of subrecipient single audit reports in a timely manner may result in federal funds being expended for unallowable purposes and subrecipients not administering the federal programs in accordance with laws, regulations, and the grant agreement. Repeat Finding: A similar finding was reported in the prior year audit as finding number 2023-034. (Finding Code 2024-043, 2023-034) Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend ICJIA establish procedures to ensure subrecipient single audit report reviews are completed and documented in a timely manner. Additionally, ICJIA should implement procedures to ensure timely reconciliation of funds, issuance of management decision letters, and initiation of the stop pay process. Views of ICJIA Officials: ICJIA agrees with the finding and the cause. Staffing continues to be a priority for resolving the single audit review process.
State Agency: Illinois Criminal Justice Information Authority (ICJIA) Federal Agency: U.S. Department of Justice (USDOJ) Program Name: Crime Victim Assistance ALN and Program Expenditures: 16.575 ($53,095,634) Award Numbers: Various – see table of award numbers Federal Award Year: Various – see table of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Finding 2024-044: Inadequate Fiscal Monitoring of Subrecipients Condition Found: ICJIA did not follow its established policies and procedures for monitoring subrecipients of the Crime Victim Assistance (CVA) program. ICJIA selects subrecipients of the CVA program over which to perform fiscal monitoring procedures using a risk-based approach. Specifically, a risk assessment is performed annually over the subrecipient, which includes calculating a risk score based upon criteria established by ICJIA. ICJIA’s risk assessment criteria include the total award amount, the subgrantee’s experience with ICJIA grant awards, results of financial monitoring, the percentage of grant expended to date, the quality of financial submissions, the timeliness of financial submissions, and the payment type. Based upon the risk score, each subrecipient is designated as needing high, moderate, or low oversight. The oversight category assigned determines the frequency and type of financial monitoring (i.e. desk review or fiscal audit). During our audit procedures, we noted three CVA subrecipients (with expenditures of $582,277) were designated for high oversight and did not have a fiscal audit performed over their CVA program grants. Agency personnel indicated additional risk assessment criteria were considered to reduce the number of high oversight subrecipients; however, these additional criteria are not documented in the fiscal monitoring policy or risk score documentation. ICJIA passed through approximately $50,412,108 to subrecipients of the CVA program during the year ended June 30, 2024. Criteria or Requirement: According to 2 CFR 200.332(e), a pass-through entity must evaluate each subrecipient's risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. According to 2 CFR 200.332(e), a pass-through entity is required to monitor the activities of subrecipients as necessary to ensure that federal awards are used for authorized purposes in compliance with laws, regulations, and the provisions of contracts or grant agreements and that performance goals are achieved. 2 CFR 200.332(e)(3) requires pass-through entities to issue management decisions for applicable audit findings pertaining to the federal awards provided to the subrecipient and 2 CFR 200.332(e)(4) requires pass through entities to resolve audit findings through corrective action plans (CAP). In addition, 2 CFR 200.303 requires non-Federal entities receiving Federal awards to establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include establishing and performing monitoring procedures in accordance with Uniform Guidance and program requirements. Cause: In discussing these conditions with ICJIA officials, they stated ICJIA utilizes both a formal, documented policy to determine a risk score for over 600 active grantees and a more subjective, unwritten assessment to determine which higher and medium risk grantees actually will be scheduled to receive active fiscal monitoring procedures. The subjective analysis is used by ICJIA to adjust the potential volume of monitoring effort to the anticipated number of resources available in a given period. Due to the scarcity of resources, the agency prioritized reviews for subrecipients of other ICJIA programs. Possible Asserted Effect: Failure to fully document required risk assessments and to adequately monitor subrecipients may result in the subrecipient not properly administering the federal program in accordance with laws, regulations, and the grant agreement. Repeat Finding: A similar finding was reported in the prior year audit as finding number 2023-035. (Finding Code 2024-044, 2023-035) Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend ICJIA review their fiscal subrecipient monitoring procedures and implement additional procedures as necessary to ensure proper monitoring procedures are performed and documentation of monitoring activities are adequately maintained. Views of ICJIA Officials: ICJIA agrees with the findings as we have additional risk assessment criteria that are established but not documented.
State Agency: Illinois Department on Aging (IDOA) Federal Agency: U.S. Department of Health and Human Services (USDHHS) Program Name: Aging Cluster ALN and Program Expenditures: 93.044/93.045/93.053 ($68,210,944) Award Numbers: Various – see table of award numbers Federal Award Year: Various – see table of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Finding 2024-049: Inadequate Review of Subrecipient Single Audit Reports Condition Found: IDOA did not adequately document review of single audit reports received from its subrecipients for the Aging Cluster program on a timely basis. The State of Illinois established the Grant Accountability and Transparency Unit (GATU) to implement the provisions of the State’s Grant Accountability and Transparency Act (GATA) on a centralized basis. GATU has established standardized reporting requirements for subrecipients of the various Federal and State programs administered by the State through its various departments. Subrecipients of the State are required to certify whether they expended more than $750,000 in federal awards during the fiscal year and submit their single audit reporting packages to the Federal Audit Clearinghouse (if required). GATU is then responsible for obtaining the single audit reporting package, verifying the report meets the single audit requirements, and assigning to the applicable state agency any findings attributable to amounts passed through to the subrecipient(s) by the State. IDOA staff are responsible for reviewing the reports assigned to them by GATU and determining whether: (1) federal funds reported in the schedule of expenditures of federal awards reconcile to IDOA records; (2) issuing management decisions on findings reported within required timeframes; and (3) applying sanctions to subrecipients who do not comply with reporting requirements (i.e. stop pay process). During our testing of a sample of single audit desk review files for seven subrecipients (with expenditures of $40,522,841 in the fiscal year), we noted the following: • For five subrecipients (with expenditures totaling $23,626,549), IDOA did not issue a management decision letter. • For one subrecipient (with expenditures totaling $2,117,589), IDOA did not issue a management decision letter over the subrecipient’s single audit that was received during state fiscal year 2024. In addition, the subrecipient did not file a single audit for the prior year with the Federal Audit Clearinghouse. While IDOA received a copy of the unfiled single audit report, a review was not performed and funding was not suspended in accordance with the State’s established policies. IDOA has not established controls over subrecipient single audit reviews at an adequate level of precision to ensure single audit reporting requirements, including obtaining and reviewing single audit reporting packages, issuing management decision letters, and invoking stop payment actions are performed within required timeframes. IDOA passed through $66,724,826 to subrecipients of the Aging Cluster program during the year ended June 30, 2024. Criteria or Requirement: According to 2 CFR 200.332(d), a pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations and the terms and conditions of the subaward, and that the subaward performance goals are achieved. Additionally, 2 CFR 200.332(d)(3) and 2 CFR 200.521 state that a pass-through entity is required to issue a management decision on federal award audit findings within six months of the acceptance of the report by the Federal Audit Clearinghouse and ensure the subrecipient takes timely and appropriate corrective action on all audit findings. In addition, 2 CFR 200.303 requires non-Federal entities to, among other things, establish and maintain internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include procedures to ensure Single Audit reports are reviewed in a timely manner and management decisions are issued within required timeframes. Cause: In discussing these conditions with IDOA officials, they stated competing priorities and limited resources have impacted the Department’s ability to comply with this requirement. Possible Asserted Effect: Failure to complete and document reviews of subrecipient single audit reports in a timely manner may result in federal funds being expended for unallowable purposes and subrecipients not administering the federal programs in accordance with laws, regulations, and the grant agreement. Additionally, failure to issue management decision letters within six months of acceptance of the single audit report by the FAC results in noncompliance with federal regulations. Repeat Finding: A similar finding was not reported in the prior year audit. (Finding Code 2024-049) Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend IDOA establish procedures to ensure (1) subrecipient single audit report reviewed within established deadlines, (2) management decision letters are issued for all findings affecting its federal programs in accordance with the Uniform Guidance, and (3) follow up procedures are performed to ensure subrecipients have taken timely and appropriate corrective action. Views of IDOA Officials: The Department agrees with this finding. Although the Department shows that all the Area Agency on Aging single audits were received in the audit report review management system (ARRMS), there is one pending approval by the Audit Clearinghouse. The Department did not get the audits reconciled during state fiscal year 2024. The Department did not issue any management decision letters for those audits.
Criteria Under 2 CFR 200.332(b), pass-through entities must provide specific information to subrecipients at the time of subaward, including at minimum the Assistance Listing number and title, Federal Award Identification, Subaward Period of Performance, Total amount of Federal funds, name of Federal agency, indirect cost rate, and all applicable Federal statutes, regulations, and the terms and conditions of the Federal award, among other elements. Condition The auditee, acting as a pass-through entity, did not inform subrecipients of the required information at the time of subaward. Cause The entity did not have sufficient controls in place to ensure that all required information under Uniform Guidance were communicated to subrecipients at the time of the award. Effect Subrecipients may be unaware of key Federal requirements, which can increase the risk of noncompliance with allowable costs, reporting, and audit requirements. Questioned Costs No questioned costs. Recommendation We recommend the entity implement a process to perform subrecipient vs. contractor determinations for organizations it engages with using federal funding, and ensure the appropriate language required by Uniform Guidance is included in the agreement. Context/Sampling During the audit, we examined agreements with two other entities that the auditee contracted with to perform program activities.
The Arizona Department of Education’s Health and Nutrition Services Division (Division) did not perform all required monitoring procedures, resulting in an increased risk that $63.9 million of program monies the Division awarded to subrecipients during fiscal year 2024 may not be spent in accordance with the award terms, program requirements, and federal regulations Assistance Listings number(s) and name(s): 10.558 Child and Adult Care Food Program Award number(s) and year(s): 237237AZ300AZ3 October 1, 2022 through September 30, 2023 247AZ300AZ3 October 1, 2023 through September 30, 2024 Federal agency: U.S. Department of Agriculture Compliance requirement(s): Subrecipient Monitoring Questioned costs: None Condition The Division awarded $63.9 million to 322 subrecipients during fiscal year 2024, or 99.3% of the Division’s total program expenditures, but did not perform all the required monitoring of its subrecipients’ activities. While the Division did conduct on-site monitoring visits of subrecipients in accordance with its risk-assessment plan, it did not always obtain and review the responses to its written questionnaires from its subrecipients. For example, for 30 of the 40 subrecipients we tested, the Division did not review the submitted monitoring questionnaires to verify the accuracy of responses. Additionally, 10 of the 40 subrecipients we tested did not respond to the Division’s monitoring questionnaire at all, and the Division never followed up with these subrecipients. These questionnaires are designed to capture essential information from each subrecipient, including confirmation of total federal expenditures from all sources in addition to the program and whether the subrecipient is required to have a single audit performed. As a result, the Division did not determine whether required single audits were performed or, if applicable, whether the subrecipients took timely and appropriate action on all deficiencies noted. Effect The Division’s not verifying subrecipient single audits were conducted may result in the Division’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Further, there is an increased risk that $63.9 million of program monies the Division awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Finally, the Arizona Department of Education is at risk that this finding applies to other federal programs it administers. Cause The Division’s written policies and procedures lacked requirements to obtain, review, verify, and analyze the subrecipient-monitoring questionnaires to confirm that those subrecipients required to obtain a single audit had a single audit completed, or to review those single audit reports for findings related to the program and issue management decisions when applicable. Criteria Federal regulation requires the Division to monitor subrecipients, which includes (2 CFR §200.332[e-f]): X Verifying single audits were conducted timely. X Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. X Issuing a management decision for audit findings pertaining to the federal award. Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with applicable laws, regulations, and terms of the award (2 CFR §200.303). Recommendations to the Division 1. Perform all required monitoring of its subrecipients, including reviewing completed questionnaires submitted by its subrecipients to ensure they are complying with single audit requirements. If a single audit was completed for a subrecipient, ensure corrective action is taken on audit findings that could affect the program, and issue management decisions, as applicable. 2. Update and implement written policies and procedures that require the Division to obtain all subrecipient-monitoring questionnaires, document its review of each subrecipient’s submitted questionnaire, follow up on and ensure corrective action is taken on audit findings that could potentially affect the program, and issue management decisions pertaining to the federal award. 3. Train personnel responsible for reviewing monitoring questionnaires on the updated policies and procedures. Views of responsible officials State management concurs with this finding. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials regarding these recommendations. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
The Arizona Office of Economic Opportunity did not ensure conference meals, graphic design services, and promotional item costs were appropriate, necessary, and managed to minimize charges and may be required to return $90,015 of WIOA Cluster funds Cluster name(s): WIOA Cluster Assistance Listings number(s) and name(s): 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award number(s) and year(s): AA-34755-20-55-A-4 April 1, 2020 to June 30, 2023 AA-36307-21-55-A-4 April 1, 2021 to June 30, 2024 AA-38516-22-55-A-4 April 1, 2022 to June 30, 2025 23A55AW000049-01-00 July 1, 2023 to June 30, 2026 Federal agency: U.S. Department of Labor Compliance requirement(s): Not applicable Questioned costs: $90,015 Condition Contrary to federal regulations and the Department of Economic Security’s (DES) policy, the Arizona Office of Economic Opportunity (Office) paid for meals and promotional items provided to conference participants using WIOA Dislocated Worker Formula Grants federal program (WIOA federal program) funds without ensuring that the costs were appropriate, necessary, and managed to minimize charges to the federal award. Specifically, the Office hosted a 2-day Workforce Summit (Summit) conference in June 2024 and spent: X $61,038 on meals for 300 attendees over 2 days for lunch buffets, snacks, and beverages with an average attendee cost of $102 per person per day. X $25,302 for graphic design services without documenting how the services benefited the Summit. Office management reported the services were used to develop Summit communications and materials. X $3,675 on other promotional items, including pens, notebooks, lanyards, clips, vinyl pouches, and flyers, without maintaining evidence, such as photos, that the items displayed the required branding or funding tagline required by DES policies. The Office spent $5,066,045—including the questioned costs of $90,015—or nearly 5% of the State’s total $104,973,072 WIOA Cluster expenditures for the year ended June 30, 2024. We did not audit the WIOA Cluster for fiscal year 2024 because the Cluster did not meet the major federal program criteria. However, during fieldwork for the performance audit and sunset review of the Office, our contract auditors identified the above $90,015 unallowable costs charged to the WIOA federal program. Effect The Office’s paying for Summit costs without ensuring that they were appropriate, necessary, and managed to minimize charges to the federal award increased the risk that those who were intended to benefit from the program may not receive all the benefits they otherwise would have received. Consequently, the Office and/or DES may be required to return monies to the federal agency in accordance with federal requirements.1 Cause Office staff responsible for reviewing and approving Summit expenditures lacked sufficient guidance to identify unallowable costs because the Office lacked documented procedures, including a standardized review process, to ensure that costs charged to the WIOA federal program were allowable. DES passed WIOA federal program funds to the Office through an interagency service agreement (ISA) subaward but did not include conference-specific requirements imposed by federal regulations or additional requirements that DES imposed regarding promotional materials. Further, DES monitors the Office’s WIOA federal program expenditures during an annual desk review that takes place in May or June following the end of the prior fiscal year. DES management reported DES did not review any 2024 Summit costs since they will be subject to review during the May 2026 desk review. The review was scheduled almost 2 years after the unallowable costs were incurred because they were included in the Office’s July 2024 reimbursement request, which fell at the beginning of fiscal year 2025. Criteria Federal regulations and the Department’s Notice of Award for the WIOA federal program require the Office to sponsor conferences primarily to disseminate technical information. Further, the Office must exercise discretion and judgment in ensuring that conference costs are appropriate, necessary, and managed to minimize charges to the federal award. Allowable costs may include facility rental, speakers’ fees, registration fees, meals and refreshments, and other incidental expenses, unless further restricted by the terms and conditions of the federal award (2 CFR §200.432). 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). In addition, DES’ policy requires that all promotional material must include a specific funding source tagline and the State brand.2 Further, federal regulations require DES to: X Evaluate the Office’s fraud risk and risk of noncompliance with its ISA subaward to determine the appropriate subrecipient monitoring procedures (2 CFR §200.332[c]). X Ensure its subaward with the Office includes all requirements imposed by federal statutes, regulations, and the terms and conditions of the federal award and any additional requirements that DES imposes on the Office to meet its responsibilities under the federal award (2 CFR §200.332[b][2] and [3]). Finally, federal regulations require establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the Office 1. Ensure Summit costs charged to the WIOA federal program are appropriate, necessary, and managed to minimize charges to the federal award. 2. Develop and implement written procedures, including a standardized review process, to ensure that costs charged to the WIOA federal program are allowable prior to requesting reimbursement from DES. 3. Work with federal grantor and/or DES to resolve the $90,015 of questioned costs associated with the 2024 Summit and any subsequently held Summits. Recommendations to DES 4. Amend its ISA subaward with the Office to include conference-specific requirements imposed by federal regulations and additional requirements that DES imposed regarding promotional materials. 5. Adjust its monitoring procedures over the Office’s activities, which may include more frequent desk reviews of reimbursed costs, based on DES’ evaluation of the Office’s risk of noncompliance with federal regulations and DES’ notice of award for the WIOA federal program. 6. Provide Office staff responsible for reviewing and approving Summit expenditures with training and technical assistance on conference-related requirements. 2 Arizona Department of Economic Security. (2023). Workforce Innovation and Opportunity Act Policy Manual Title I-B, Chapter 3, Section 102.01 (C). Retrieved 4/8/2026 from https://des.az.gov/sites/default/files/media/Allowable-Costs-Fiscal-Policy-Section-100.pdf?time=1775665811357 Views of responsible officials State management concurs with this finding. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials regarding these recommendations. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
The Department of Economic Security failed to perform required subrecipient monitoring, increasing the risk that $9.3 million may have been spent inconsistent with program requirements Assistance Listings number(s) and name(s): 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number(s) and year(s): None Federal agency: U.S. Department of the Treasury Compliance requirement(s): Subrecipient monitoring Questioned costs: Unknown Condition The Department of Economic Security (DES) awarded $9.3 million to 13 subrecipients during fiscal year 2024, or 16.3% of DES’ $56.9 million of total federal expenditures for this federal program, but failed to include required information in its subawards to subrecipients and perform required monitoring. Specifically, DES: X Did not include information required by federal regulations in its subawards to subrecipients for 4 of 4 subrecipients tested. This included missing federal award identification information and any additional requirements DES imposed on the subrecipients to meet its responsibilities under the federal award. X Did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements for all 13 subrecipients. Effect DES’ failure to include required information in its subawards to subrecipients and perform required monitoring increased the risk that the $9.3 million of program monies DES awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. If monies were spent inconsistent with program and contract requirements, those intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Cause DES lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division to design and implement its own subrecipient-monitoring procedures. However, the Child and Community Services Division (CCSD) personnel responsible for notifying and monitoring subrecipients reported they were either not aware of the subrecipient-monitoring requirements or did not follow its subrecipient-monitoring policies and procedures, as follows: X The CCSD personnel responsible for monitoring 6 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither DES nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. X The CCSD personnel responsible for monitoring 7 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Criteria Federal regulation requires DES to ensure that every subaward is clearly identified to the subrecipient as a subaward by including in its award terms with subrecipients information necessary for the subrecipient to administer the program in accordance with federal requirements. Required information includes federal award identification, all requirements of the subaward, any additional requirements DES imposes on the subrecipient for DES to meet its responsibilities under the federal award, indirect cost rate, and audit and closeout requirements. Further, federal regulation requires DES to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): X Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. X Reviewing financial and performance reports. X Verifying single audits were conducted timely. X Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. X Issuing a management decision for audit findings pertaining to the federal award. Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to DES 1. Include information required by federal regulations in its subawards to subrecipients, including federal award identification information and any additional requirements DES imposed on the subrecipients to meet its responsibilities under the federal award. 2. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: 3. Ensure that every subaward is clearly identified to the subrecipient as a subaward by including in its award terms with subrecipients information necessary for the subrecipient to administer the program in accordance with federal requirements. Required information includes federal award identification, all requirements of the subaward, any additional requirements the DES imposes on the subrecipient for the DES to meet its responsibilities under the federal award, indirect cost rate, and audit and closeout requirements. 4. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. 5. Review financial and performance reports. 6. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. 7. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any DES actions taken, if appropriate. 8. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. This finding is similar to prior-year finding 2023-106 and was initially reported in fiscal year 2023. Views of responsible officials State management concurs with this finding. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials regarding these recommendations. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Four State agencies did not perform required subrecipient monitoring procedures, increasing the risk that program monies may have been misused and not spent in accordance with the award terms Assistance Listings number(s) and name(s): 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery (SLFRF) Funds Award number(s) and year(s): None Federal agency: U.S. Department of the Treasury Compliance requirement(s): Subrecipient monitoring Questioned costs: $1,623,846 Condition Contrary to federal regulation, the Arizona Department of Housing (ADOH), Arizona Department of Water Resources (ADWR), Arizona Office of Tourism (AOT), and Industrial Commission of Arizona (ICA) did not perform the required monitoring of their subrecipients’ activities or compliance with the award terms and program requirements. Specifically, we found that 4 of 10 State agencies we tested did not perform the various and required monitoring procedures identified in Table 1 below and Tables 2 through 4, page 129. In addition, as of the report date, April 23, 2026, the Governor’s Office of Strategic Planning and Budgeting (OSPB) took appropriate action by identifying and self-reporting to us $1,623,846 of expenditures for 8 SLFRF program subrecipients, who were awarded monies prior to fiscal year 2024, and may not have spent the monies in accordance with program requirements.1 Specifically, based on our fiscal year 2023 audit recommendations in finding 2023-102, OSPB performed missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023. As a result of these assessments, OSPB conducted additional onsite monitoring or desk reviews based on those results and identified $1,623,846 in questionable costs by its subrecipients. Additionally, OSPB identified several of these questioned costs as potentially fraudulent or inappropriate and forwarded this information to the Attorney General’s Office for further review. We selected OSPB as part of the 10 State agencies tested during fiscal year 2024. Of 24 OSPB subrecipients we tested, we did not identify any deficiencies with OSPB performing the required monitoring of their subrecipients’ activities or compliance with the award terms and program requirement during fiscal year 2024. In total during fiscal year 2024, there were 14 State agencies that paid $270.2 million to subrecipients, as shown in Table 5 below, or 56.2% of the State’s $480.4 million total federal expenditures for this program. Effect The 4 State agencies’ lack of required monitoring increased the risk that the $41.4 million of program monies they paid to 131 subrecipients may have been misused and not spent in accordance with the award terms and program requirements as shown in Table 5, page 130. If monies are spent inconsistent with program requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. ADOH, ADWR, AOT, and ICA are at risk that this finding applies to other federal programs they administer. Further, OSPB’s previously identified expenses that may not have been spent in accordance with program requirements may result in OSPB being required to return up to $1,623,846 of program monies to the federal agency in accordance with Uniform Guidance requirements.2 Cause Despite subrecipient monitoring requirements being included in the federal regulations, 4 State agencies did not develop and/or implement sufficient subrecipient monitoring policies and procedures to comply with federal regulations. Specifically, X ADOH’s management reported that its policies and procedures did not contain clear criteria for when single audits should be obtained and the process for conducting risk assessments. X ADWR’s management reported that it lacked policies and procedures for obtaining single audits and conducting risk assessments. X AOT’s management reported that it performed only limited monitoring procedures for subrecipients who expended more than $750,000 of AOT awards during the year. Additionally, AOT’s management reported that it misunderstood the detailed transactions required to substantiate the $50,214 in payroll expenditures. X ICA’s management reported that there was a misunderstanding on which State agency was responsible for performing the subrecipient monitoring of the monies it passed through to subrecipients and consequently did not develop all the necessary subrecipient monitoring policies and procedures. Further, OSPB previously reported that it hired additional staff in fiscal year 2023 to begin addressing audit finding issues noted in prior years and began performing required risk assessments in fiscal year 2024. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, OSPB, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take action, as directed by the federal awarding agencies (2 CFR §200.521). Criteria Federal regulation requires State agencies to monitor subrecipients, which includes required monitoring procedures, as follows (2 CFR §200.332): X Assess the risk of each subrecipient’s noncompliance and perform monitoring activities based on those risk assessments. Based on risk, additional monitoring procedures could include providing training or technical assistance on program-related matters, performing site visits, and/or other monitoring procedures. X Review financial and performance reports. X Verify single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. X Include required information in subrecipient subaward agreements, including required federal award information; requirements imposed by federal statutes, regulations, and the terms and conditions of the federal award; any additional requirements that the pass-through entity imposes, and a requirement that the subrecipient permit the pass-through entity to access the subrecipient’s records and financial statements to fulfill its monitoring requirements. In addition, the State’s subrecipient monitoring policies and procedures require State agencies to consider and assess risk of each subrecipient and carry out required and various other monitoring procedures based on those risk assessments.3 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to ADOH, ADWR, AOT, and ICA Work with the State’s Office of Strategic Planning and Budgeting to either update or develop and implement policies and procedures and train responsible staff to perform required monitoring of their subrecipients to ensure compliance with award terms and program requirements, including procedures to: 1. Assess the risk of each subrecipient’s noncompliance and perform additional monitoring procedures based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, performing site visits, and/or other monitoring procedures. (ADOH, ADWR, and ICA) 2. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. (ADOH, ADWR, AOT, and ICA) 3 Arizona Department of Administration Office of Grants and Federal Resources. (2018). Grants Management Manual – Grantor, Chapter 8: Award Monitoring. Retrieved 10/29/2025 from https://ospb.az.gov/sites/default/files/2026-01/Arizona%20Grants%20Management%20 Grantor%20Manual%20Edition%202022.pdf 3. Request and view supporting transaction details prior to paying subrecipients for payroll costs to verify they meet the requirements of the award terms and program requirements. (AOT) 4. Establish subaward agreements with subrecipients communicating allowable uses of program monies and other information required by federal regulations prior to distributing program monies. (ICA) Recommendations to OSPB 5. Work with the federal agency and the subrecipients to resolve the $1,623,846 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency. 6. Continue to assess the risk of each subrecipient’s noncompliance and perform additional monitoring procedures based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, performing site visits, and/or other monitoring procedures to ensure questioned costs are timely identified and remedied. This finding is similar to prior-year finding 2023-102 and was initially reported in fiscal year 2022. Views of responsible officials State management concurs with this finding. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials regarding these recommendations. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
The Arizona Department of Education did not monitor procedures of charter schools with relationships with charter management organizations, risking funds not being spent in accordance with the award terms and program requirements, and reduced future awards Assistance Listings number(s) and name(s): 84.010 Title I Grants to Local Educational Agencies 84.367 Supporting Effective Instruction State Grants (formerly Improving Teacher Quality State Grants)* *referred to as Title II Award number(s) and year(s): S010A200003 July 1, 2020 through September 30, 2023 S010A210003 July 1, 2021 through September 30, 2023 S010A220003 July 1, 2022 through September 30, 2023 S010A230003 July 1, 2023 through September 30, 2024 S367A210049 July 1, 2021 through September 30, 2023 S367A220049 July 1, 2022 through September 30, 2023 S367A230049 July 1, 2023 through September 30, 2024 Federal agency: U.S. Department of Education Compliance requirement(s): Special tests and provisions Questioned costs: Unknown Condition The Arizona Department of Education’s Grants Management Department (Department) disbursed over $59 million and over $6.8 million in Title I and Title II funds, respectively, to 242 Title I and 233 Title II charter school local educational agencies (LEAs) during fiscal year 2024 but did not perform certain monitoring procedures required by the U.S. Department of Education. Specifically, the Department did not identify which of the 242 Title I and 233 Title II charter school LEAs receiving federal grant monies had relationships with charter management organizations (CMOs) in order to perform additional required monitoring to assess the additional risk posed by conflicts of interest, related-party transactions, or insufficient segregation of duties at these charter schools.1 1 The term “charter management organization” means a nonprofit organization that operates or manages a network of charter schools linked by centralized support, operations, and oversight (20 USC 7221i[3]). Retrieved 11/11/2025 from https://www.law.cornell.edu/uscode/ text/20/7221i#2 Effect The Department’s not identifying or performing additional monitoring of charter schools with relationships with CMOs increases the risk that funds allocated to these charter school LEAs may not have been spent in accordance with the award terms and program requirements and could result in the U.S. Department of Education reducing future awards.2 Further, if monies were spent inconsistently with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Additionally, the Department is at risk that this finding applies to other federal programs it administers. Cause The Department’s documented program policies and procedures for monitoring LEAs did not differentiate between regular LEAs, charter schools without CMOs, or charter schools with relationships with CMOs and did not include specific procedures to assess the additional risk posed by conflicts of interest, related-party transactions, or insufficient segregation of duties. The Department reported that it began incorporating policy changes into grant administration and monitoring policies in early 2024; however, these policies were not completed until May 2024 and did not become effective until fiscal year 2025. Criteria Federal regulations require the Department to monitor subrecipients, including charter schools, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. Those federal regulations also provide that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b and d]) As part of these monitoring responsibilities, the U.S. Department of Education requires the Department to monitor charter schools with relationships with CMOs and assess the additional risk posed by conflicts of interest, related-party transactions, or insufficient segregation of duties.3,4 Also, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Department, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 On September 28, 2015, the U.S. Department of Education issued a letter to State Educational Agencies (SEAs) reminding them of their role in helping to ensure that federal funds accessed by public charter schools are used for intended, appropriate purposes, and provided additional resources for states, and specifically SEAs, to consult as they consider improvements to their monitoring and oversight procedures for charter schools (U.S. Department of Education. [2015, September]. Letter to SEAs. Retrieved 11/18/2025 from https://oese.ed.gov/files/2020/07/ finalsignedcsp.pdf 4 On September 29, 2016, the U.S. Department of Education’s Office of Inspector General issued an audit report on charter schools with CMOs and identified risks such as conflicts of interest, related-party transactions, or insufficient segregation of duties (U.S. Department of Education. [2016, September]. Nationwide Assessment of Charter and Education Management Organizations. Retrieved 11/18/2025 from https://oig.ed. gov/sites/default/files/reports/2023-11/a02m0012.pdf Recommendations to the Department 1. Perform annual monitoring over charter schools with relationships with CMOs, including performing risk-assessment procedures over the additional risk posed by conflicts of interest, related-party transactions, or insufficient segregation of duties, and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. 2. Implement revisions to existing LEA-monitoring policies and procedures and train employees to identify charter schools that have relationships with CMOs and to then assess and design monitoring procedures over conflicts of interest, related-party transactions, or insufficient segregation of duties. This finding is similar to prior-year finding 2023-125 and was initially reported in fiscal year 2023. Views of responsible officials State management concurs with this finding. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials regarding these recommendations. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
DEPARTMENT OF HUMAN SERVICES SUBRECIPIENT MONITORING Significant Deficiency Immaterial Noncompliance 2024-039 Strengthen Controls over Subrecipient Monitoring to Ensure Compliance with Uniform Guidance Auditing Requirements. ALN Number(s) 93.558 Temporary Assistance for Needy Families (TANF) 93.489, 93.575, 93.596 Child Care Development Fund (CCDF) 93.568 Low Income Household Energy Assistance Program (LIHEAP) Federal Award No. All Current Active Grants Questioned Costs N/A Criteria Code of Federal Regulations (2 CFR 200.512(a)(1)) states the audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor's report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Code of Federal Regulations (2 CFR 200.332(d)(2)) states all pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. Code of Federal Regulations (2 CFR 200.332(f)) states all pass-through entities must verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition When performing testwork related to OMB Single Audit Monitoring as of June 30, 2024, the auditor noted the following: • Four instances (or 33.33 percent) in which there was no documentation of communication between the agency and the subrecipient regarding audit reports that had not been received within nine months of the subrecipients fiscal year-end. • One instance (or 8 percent) in which there was no documentation that a corrective action plan was provided. Cause Staff were either unaware or did not follow identified policies and procedures for monitoring requirements. Effect Failure to properly monitor subrecipients could allow noncompliance with federal regulations to occur and go undetected, potentially resulting in fraud, waste, and abuse within the agency. Recommendation We recommend the Mississippi Department of Human Services' Division of Program Integrity - Division of Monitoring (DM) strengthen controls over subrecipient monitoring for Uniform Guidance audits to ensure recipients expending $750,000 or more in Federal funds during their fiscal year are meeting Uniform Guidance Audit requirements. Repeat Finding Yes, 2023-018, 2022-018, and 2021-014. Statistically Valid Yes.
Finding 2024-012 – Noncompliance with Subrecipient Monitoring Over Major Federal Program – Coronavirus State and Local Fiscal Recovery Funds (Repeat Finding – 2023-012) PASS-THROUGH GRANTOR: Direct Grant FEDERAL AGENCY: U.S. Department of Treasury ASSISTANE LISTING: 21.027 FEDERAL PROGRAM NAME: Coronavirus State and Local Fiscal Recovery Funds FEDERAL AWARD YEAR: 2021 CONTROL CATEGORY: Subrecipient Monitoring QUESTIONED COSTS: $-0- Condition: During the test of 100% of expenditures of the Coronavirus State and Local Fiscal Recovery Funds, totaling $1,152,068, it was noted that the County had two (2) subrecipients with expenditures totaling $46,935. The County does not have a subrecipient monitoring policy, and the County did not obtain agreements containing all the required elements of 2 CFR 200.332. Cause of Condition: Policies and procedures have not been designed and implemented to ensure federal expenditures are made in accordance with compliance requirements. Effect of Condition: This condition resulted in noncompliance with grant requirements and could lead to a loss of federal funds to the County. Recommendation: OSAI recommends the County gain an understanding of the requirements for this program and implement internal controls to ensure compliance with these requirements. Management Response: Chairman of the Board of County Commissioners: The Board of County Commissioners will take measures to ensure future compliance with all requirements of federal grants. Criteria: 2 CFR 200 §200.332 Requirement for Pass-Through Entities states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award. (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part. (6) Appropriate terms and conditions concerning closeout of the subaward.
Federal agency: U.S. Treasury Department Federal program title: Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.019 Pass-Through Agency: Prince William County Pass-Through Number(s): 117203461 Award Period: 3/11/2022 – 12/31/2024 Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Uniform Guidance §200.331 and §200.332 requires pass-through entities to ensure that subrecipients comply with Federal statutes, regulations, and the terms and conditions of their subawards. This includes performing subrecipient monitoring procedures such as reviewing financial and programmatic reports, following up on identified deficiencies, and issuing management decisions for audit findings. Condition: The auditee did not have documented policies or procedures in place to monitor subrecipients for compliance with federal award requirements. Specifically, the auditee did not perform or document required subrecipient monitoring activities, such as review of financial or programmatic reports, verification of compliance with applicable federal requirements, or follow-up on subrecipient audit results, for the fiscal year under audit. Questioned costs: $2,246,007; Questioned costs reflect only funds passed through to subrecipients and exclude amounts expended directly by the auditee. Context: Due to the absence of subrecipient monitoring controls and procedures, unable to determine whether subrecipients complied with applicable federal requirements. As a result, the entire amount of subrecipient expenditures was considered noncompliant and was reported as questioned costs. This finding affected all subawards under the program. Cause and Effect: Management did not establish or maintain formal subrecipient monitoring policies and procedures and did not assign sufficient resources or oversight responsibility to ensure compliance with Uniform Guidance requirements governing subrecipient monitoring. As a result of the lack of subrecipient monitoring, the auditee was unable to ensure subrecipient compliance with federal award requirements. This resulted in material noncompliance, a material weakness in internal control over compliance, and material questioned costs totaling approximately $2.2 million, representing the full amount of federal funds passed through to subrecipients under the program. This finding resulted in an adverse opinion on compliance for the major program. Repeat Finding: Yes; 2023-002 Recommendation: We recommend that the Alliance establishes a formal policy for sub-recipient monitoring in accordance with requirements outlined in 2 CFR §200.331 and 2 CFR §200.332 to ensure its sub-recipients are properly monitored. Views of responsible officials and planned corrective action: There is no disagreement with the audit finding. The Alliance performed certain monitoring activities; however, documentation was not retained in a manner sufficient to demonstrate compliance with Uniform Guidance requirements. This policy has since been revised to save the monitoring documentation to the grant management software. Contact person responsible for corrective action: Lisa Wolf, Board Chair. Anticipated Completion Date: June 30, 2026
Finding 2023-001: Subrecipient Monitoring Identification of federal program: Program Title: Community Economic Adjustment Assistance for Compatible Use and Joint Land Use Studies Assistance Listing Number: 12.610 Award Identification: W9124J2120002 Federal Agency: U.S. Department of Defense, Office of Local Defense Community Cooperation Criteria or Specific Requirement: Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. All pass-through entities are required to have subrecipient monitoring policies and procedures in place, which conform to the requirements of Title 2 CFR § 200.332 to identify subawards, evaluate risk of noncompliance, and perform monitoring procedures based upon identified risks. Condition: In testing compliance over subrecipient monitoring, we noted the Fund does not have a subrecipient monitoring policy in place that fully conforms with requirements of Title 2 CFR § 200.332. Cause: Historically the Fund has had few subawards and therefore has not developed full written subrecipient monitoring policies and procedures. Effect: The Fund should implement policies and procedures for monitoring subrecipients in accordance with Title 2 CFR § 200.332. Questioned Costs: None Context: While management’s existing process includes certain elements of subrecipient monitoring, a formal adopted policy is not in place that that fully conforms with requirements of Title 2 CFR § 200.332. Repeat finding: No Recommendation: Implement policies and procedures for monitoring subrecipients, including adequate documentation that conforms to the requirements of Title 2 CFR § 200.332. Views of responsible individuals: Management concurs with and will implement the recommendation. See corrective action plan.
Finding 2023-001 – Reporting Identification of federal program: Assistance Listing No. 93.558 – Temporary Assistance for Needy Families. Criteria or specific requirement: Section 200.332 of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) provides the requirements for pass-through entities. A pass-through entity (PTE) must clearly identify to the subrecipient the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(2); all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). Condition: The Organization was not able to provide executed agreements with its subrecipients covering the period under audit that meet the requirements of Section 200.332 of the Uniform Guidance. Cause: Management indicated that the existing subaward agreements, which do not cover the year ended December 31, 2023, were not updated due to an oversight attributed to personnel vacancies. Effect or potential effect: Noncompliance with Section 200.332 of the Uniform Guidance could result in misunderstanding in program compliance requirements. Questioned cost: not applicable. Context: The Organization was not able to provide executed agreements that cover the audit period for the two subawards made under this program. Recommendation: We recommend that the Organization update and execute agreements with its subrecipients that contains all the required elements of Section 200.332 of the Uniform Guidance. Views of responsible officials: The Organization concurs with this finding. See page 40 for corrective action plan.
Finding 2023-001 – Reporting Identification of federal program: Assistance Listing No. 93.558 – Temporary Assistance for Needy Families. Criteria or specific requirement: Section 200.332 of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) provides the requirements for pass-through entities. A pass-through entity (PTE) must clearly identify to the subrecipient the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(2); all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). Condition: The Organization was not able to provide executed agreements with its subrecipients covering the period under audit that meet the requirements of Section 200.332 of the Uniform Guidance. Cause: Management indicated that the existing subaward agreements, which do not cover the year ended December 31, 2023, were not updated due to an oversight attributed to personnel vacancies. Effect or potential effect: Noncompliance with Section 200.332 of the Uniform Guidance could result in misunderstanding in program compliance requirements. Questioned cost: not applicable. Context: The Organization was not able to provide executed agreements that cover the audit period for the two subawards made under this program. Recommendation: We recommend that the Organization update and execute agreements with its subrecipients that contains all the required elements of Section 200.332 of the Uniform Guidance. Views of responsible officials: The Organization concurs with this finding. See page 40 for corrective action plan.
Finding 2023-001 – Reporting Identification of federal program: Assistance Listing No. 93.558 – Temporary Assistance for Needy Families. Criteria or specific requirement: Section 200.332 of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) provides the requirements for pass-through entities. A pass-through entity (PTE) must clearly identify to the subrecipient the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(2); all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). Condition: The Organization was not able to provide executed agreements with its subrecipients covering the period under audit that meet the requirements of Section 200.332 of the Uniform Guidance. Cause: Management indicated that the existing subaward agreements, which do not cover the year ended December 31, 2023, were not updated due to an oversight attributed to personnel vacancies. Effect or potential effect: Noncompliance with Section 200.332 of the Uniform Guidance could result in misunderstanding in program compliance requirements. Questioned cost: not applicable. Context: The Organization was not able to provide executed agreements that cover the audit period for the two subawards made under this program. Recommendation: We recommend that the Organization update and execute agreements with its subrecipients that contains all the required elements of Section 200.332 of the Uniform Guidance. Views of responsible officials: The Organization concurs with this finding. See page 40 for corrective action plan.
Finding 2023-001 – Reporting Identification of federal program: Assistance Listing No. 93.558 – Temporary Assistance for Needy Families. Criteria or specific requirement: Section 200.332 of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) provides the requirements for pass-through entities. A pass-through entity (PTE) must clearly identify to the subrecipient the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(2); all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). Condition: The Organization was not able to provide executed agreements with its subrecipients covering the period under audit that meet the requirements of Section 200.332 of the Uniform Guidance. Cause: Management indicated that the existing subaward agreements, which do not cover the year ended December 31, 2023, were not updated due to an oversight attributed to personnel vacancies. Effect or potential effect: Noncompliance with Section 200.332 of the Uniform Guidance could result in misunderstanding in program compliance requirements. Questioned cost: not applicable. Context: The Organization was not able to provide executed agreements that cover the audit period for the two subawards made under this program. Recommendation: We recommend that the Organization update and execute agreements with its subrecipients that contains all the required elements of Section 200.332 of the Uniform Guidance. Views of responsible officials: The Organization concurs with this finding. See page 40 for corrective action plan.
2023-001 Material Weakness – Subrecipient Monitoring – Material Noncompliance Agency: U.S. Department of Treasury Federal Assistance Listing Number: 21.027 COVID-19 - Coronavirus State and Local Recovery Funds Criteria: 2 CFR 200.332(b) requires a pass-through entity to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. 2 CFR 200.332(d) requires the passthrough entity to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Statement of Condition: Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not document their evaluation of the subrecipients risk of noncompliance and perform monitoring of the subrecipient, as required. Questioned Costs: The amount of questioned costs could not be determined. Context: Lutheran Social Services of Wisconsin and Upper Michigan, Inc.’s subrecipient was required by their contract to provide all requests for disbursement from the grantor to Lutheran Social Services of Wisconsin and Upper Michigan, Inc. for review and approval, prior to requesting the funds from the grantor. Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not receive nor did they review the three (3) draw requests during the period. Additionally, no other processes or controls were in place over the subrecipient monitoring requirement. Effect: Failure to adequately monitor the activity of a subrecipient may result in unallowable costs being charged to the federal program. Cause: Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not have proper controls in place to monitor their subrecipient. Management was unaware the subrecipient was expending passthrough funds and receiving disbursements from the federal grantor. Recommendation: We recommend management review their processes and controls surrounding subrecipients to ensure appropriate oversight is maintained and compliance with all program and contract requirements occurs. Management Response: LSS received a grant from Illinois Housing Development Authority (IHDA) which was ‘passed through’ to a tax credit project entity (the subrecipient of the grant). The agreements governing the grant to Lutheran Social Services of Wisconsin and Upper Michigan, Inc. (LSS) and loan to the subrecipient specifically called for multiple layers of review and approval by the subrecipient, IHDA, other project lenders, a title company, and at IHDA’s request, LSS. The lead developer, a member of the tax credit project entity, is responsible for managing the construction project and for preparation of all draw requests. The agreements specifically called for the tax credit project entity (as subrecipient) to certify to LSS that the draw package met the grant agreement requirements and specifications, on which certification LSS would then rely to make a corresponding certification to IHDA that the draw package met the grant agreement requirements and specifications. In this instance, the lead developer properly prepared certain draw requests (as the subrecipient), made the required certifications, and submitted them directly to IHDA without informing LSS of such draw request. Rather than requiring strict compliance with the grant agreements and rejecting the subrecipient’s draw request for the lack of LSS’s certification, IHDA elected to accept a direct certification from the subrecipient and effectively waive the LSS certification requirement. We agree that LSS did not have a monitoring system in place to ensure that the subrecipient informed LSS of draw requests and ensure that LSS’s intervening certification to IHDA be made, however there are other factors impacting the program: 1. IHDA did not notify the subrecipient or LSS under the terms of the grant documents that the intervening LSS certification was missing, and instead elected to disburse proceeds directly to the subrecipient based on the subrecipient’s direct certification which served as a waiver of the requirement of the intervening LSS certification. 2. All draw requests were approved by the contractor, the architect, the construction lender, and the title company, which multiple additional layers of review put into place by LSS and IHDA as part of grant document negotiation ensured that grant funds were properly utilized for qualifying project expenses. 3. All parties have been made aware of this issue and it has not resulted in any financial, operational or reputation implications. We have put in place a process to ensure all draw requests come to LSS for review and documented sign-off approval before submission to IHDA.
2023-001 Material Weakness – Subrecipient Monitoring – Material Noncompliance Agency: U.S. Department of Treasury Federal Assistance Listing Number: 21.027 COVID-19 - Coronavirus State and Local Recovery Funds Criteria: 2 CFR 200.332(b) requires a pass-through entity to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. 2 CFR 200.332(d) requires the passthrough entity to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Statement of Condition: Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not document their evaluation of the subrecipients risk of noncompliance and perform monitoring of the subrecipient, as required. Questioned Costs: The amount of questioned costs could not be determined. Context: Lutheran Social Services of Wisconsin and Upper Michigan, Inc.’s subrecipient was required by their contract to provide all requests for disbursement from the grantor to Lutheran Social Services of Wisconsin and Upper Michigan, Inc. for review and approval, prior to requesting the funds from the grantor. Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not receive nor did they review the three (3) draw requests during the period. Additionally, no other processes or controls were in place over the subrecipient monitoring requirement. Effect: Failure to adequately monitor the activity of a subrecipient may result in unallowable costs being charged to the federal program. Cause: Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not have proper controls in place to monitor their subrecipient. Management was unaware the subrecipient was expending passthrough funds and receiving disbursements from the federal grantor. Recommendation: We recommend management review their processes and controls surrounding subrecipients to ensure appropriate oversight is maintained and compliance with all program and contract requirements occurs. Management Response: LSS received a grant from Illinois Housing Development Authority (IHDA) which was ‘passed through’ to a tax credit project entity (the subrecipient of the grant). The agreements governing the grant to Lutheran Social Services of Wisconsin and Upper Michigan, Inc. (LSS) and loan to the subrecipient specifically called for multiple layers of review and approval by the subrecipient, IHDA, other project lenders, a title company, and at IHDA’s request, LSS. The lead developer, a member of the tax credit project entity, is responsible for managing the construction project and for preparation of all draw requests. The agreements specifically called for the tax credit project entity (as subrecipient) to certify to LSS that the draw package met the grant agreement requirements and specifications, on which certification LSS would then rely to make a corresponding certification to IHDA that the draw package met the grant agreement requirements and specifications. In this instance, the lead developer properly prepared certain draw requests (as the subrecipient), made the required certifications, and submitted them directly to IHDA without informing LSS of such draw request. Rather than requiring strict compliance with the grant agreements and rejecting the subrecipient’s draw request for the lack of LSS’s certification, IHDA elected to accept a direct certification from the subrecipient and effectively waive the LSS certification requirement. We agree that LSS did not have a monitoring system in place to ensure that the subrecipient informed LSS of draw requests and ensure that LSS’s intervening certification to IHDA be made, however there are other factors impacting the program: 1. IHDA did not notify the subrecipient or LSS under the terms of the grant documents that the intervening LSS certification was missing, and instead elected to disburse proceeds directly to the subrecipient based on the subrecipient’s direct certification which served as a waiver of the requirement of the intervening LSS certification. 2. All draw requests were approved by the contractor, the architect, the construction lender, and the title company, which multiple additional layers of review put into place by LSS and IHDA as part of grant document negotiation ensured that grant funds were properly utilized for qualifying project expenses. 3. All parties have been made aware of this issue and it has not resulted in any financial, operational or reputation implications. We have put in place a process to ensure all draw requests come to LSS for review and documented sign-off approval before submission to IHDA.
2023-001 Material Weakness – Subrecipient Monitoring – Material Noncompliance Agency: U.S. Department of Treasury Federal Assistance Listing Number: 21.027 COVID-19 - Coronavirus State and Local Recovery Funds Criteria: 2 CFR 200.332(b) requires a pass-through entity to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. 2 CFR 200.332(d) requires the passthrough entity to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Statement of Condition: Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not document their evaluation of the subrecipients risk of noncompliance and perform monitoring of the subrecipient, as required. Questioned Costs: The amount of questioned costs could not be determined. Context: Lutheran Social Services of Wisconsin and Upper Michigan, Inc.’s subrecipient was required by their contract to provide all requests for disbursement from the grantor to Lutheran Social Services of Wisconsin and Upper Michigan, Inc. for review and approval, prior to requesting the funds from the grantor. Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not receive nor did they review the three (3) draw requests during the period. Additionally, no other processes or controls were in place over the subrecipient monitoring requirement. Effect: Failure to adequately monitor the activity of a subrecipient may result in unallowable costs being charged to the federal program. Cause: Lutheran Social Services of Wisconsin and Upper Michigan, Inc. did not have proper controls in place to monitor their subrecipient. Management was unaware the subrecipient was expending passthrough funds and receiving disbursements from the federal grantor. Recommendation: We recommend management review their processes and controls surrounding subrecipients to ensure appropriate oversight is maintained and compliance with all program and contract requirements occurs. Management Response: LSS received a grant from Illinois Housing Development Authority (IHDA) which was ‘passed through’ to a tax credit project entity (the subrecipient of the grant). The agreements governing the grant to Lutheran Social Services of Wisconsin and Upper Michigan, Inc. (LSS) and loan to the subrecipient specifically called for multiple layers of review and approval by the subrecipient, IHDA, other project lenders, a title company, and at IHDA’s request, LSS. The lead developer, a member of the tax credit project entity, is responsible for managing the construction project and for preparation of all draw requests. The agreements specifically called for the tax credit project entity (as subrecipient) to certify to LSS that the draw package met the grant agreement requirements and specifications, on which certification LSS would then rely to make a corresponding certification to IHDA that the draw package met the grant agreement requirements and specifications. In this instance, the lead developer properly prepared certain draw requests (as the subrecipient), made the required certifications, and submitted them directly to IHDA without informing LSS of such draw request. Rather than requiring strict compliance with the grant agreements and rejecting the subrecipient’s draw request for the lack of LSS’s certification, IHDA elected to accept a direct certification from the subrecipient and effectively waive the LSS certification requirement. We agree that LSS did not have a monitoring system in place to ensure that the subrecipient informed LSS of draw requests and ensure that LSS’s intervening certification to IHDA be made, however there are other factors impacting the program: 1. IHDA did not notify the subrecipient or LSS under the terms of the grant documents that the intervening LSS certification was missing, and instead elected to disburse proceeds directly to the subrecipient based on the subrecipient’s direct certification which served as a waiver of the requirement of the intervening LSS certification. 2. All draw requests were approved by the contractor, the architect, the construction lender, and the title company, which multiple additional layers of review put into place by LSS and IHDA as part of grant document negotiation ensured that grant funds were properly utilized for qualifying project expenses. 3. All parties have been made aware of this issue and it has not resulted in any financial, operational or reputation implications. We have put in place a process to ensure all draw requests come to LSS for review and documented sign-off approval before submission to IHDA.
Finding 2023-002: Pre-Award Risk Assessment for Sub-Recipient Information on the Federal Program: 93.048 Criteria: As stated in 2 CFR 200.331 part (b), all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring procedures to prescribe to each individual subrecipient. Condition: During our testing performed over subrecipient expenditures, we were unable to obtain evidence that pre-award risk assessment procedures were performed over subrecipients, consistent with 2 CFR §200.332(b). Cause: The Organization's internal policies and procedures governing risk assessment on subrecipients was not performed. Effect or Potential Effect: The Organization could inadvertently be engaged in relationships with subrecipients of higher risk without the appropriate level of oversight to ensure subrecipients are expending funds in accordance with the provisions and terms of the subaward. Questioned Costs: None noted. Context: Our audit procedures consisted of substantive testwork over a sample of subrecipients. We consider our sample to be representative of the population. The samples were made using statistical sampling and we believe the condition appeared to be systematic in nature. Identification as a Repeat Finding, if Applicable: Not a repeat finding. Recommendation: We recommend that the Organization follow their internal policies regarding performing a pre-award risk assessment on all new sub-recipients engaged throughout the life of the award. For repeat sub-recipients, the risk assessment should be re-visited throughout the award term to ensure that conditions have not changed and the original risk assessment remains reasonable.
Criteria or specific requirement: The Code of Federal Regulations, 2 CFR 200.332, states that nonfederal entities passing federal awards through to other entities are required to ensure that subawards to subrecipients include required federal award identification and detail of all compliance and other requirements for the federal award. Condition: During our testing we noted that the Company did not include the federally required elements of the award in the subrecipient agreement. Context: For 6 of the 9 subrecipients selected, the Company did not include in their agreements the required federal award information as outlined by 2 CFR 200.332. Cause: Management was made aware of requirements during the award period and created addendums for agreements with subrecipients. For 6 of the 9 subrecipients selected, addendums with the conditions of the award were not created at the time of our review, and the required information was not provided to subrecipients. Effect: The Company is not in compliance with subrecipient monitoring requirements as outlined by 2 CFR 200.332. Recommendation: We recommend the Company to include all guidance under 2 CFR 200.332 in the agreements entered with subrecipients. Views of responsible officials: There is no disagreement with the audit finding. The company has investigated why the information was not provided, and found the cause was an isolated incident, and the error of a former employee who has since been removed from the company. Measures have been put in place to ensure future compliance.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
U.S. Department of Treasury Passed-through the Colorado Department of Local Affairs FFAL #21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Subrecipient Monitoring Material Noncompliance Material Weakness in Internal Controls Criteria: Section 2 CFR 200.331 establishes the determination of whether there is a subrecipient or contractor of the federal award. The non-Federal entity may concurrently receive Federal awards as a recipient, a subrecipient, and a contractor, depending on the substance of its agreements with Federal awarding agencies and pass-through entities. Therefore, a passthrough entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. The Federal awarding agency may supply and require recipients to comply with additional guidance to support these determinations provided such guidance does not conflict with this section. Once it is determined the recipient is a sub-recipient there are certain requirements for pass-through entities established in 2 CFR 200.332. Per 2 CFR 200.332, pass-through entities are responsible for informing subrecipients of the Federal award identifiers including but not limited to award date, period of performance and Federal awarding agency and Assistance Listing Number and title. Pass-through entities are required to assess the subrecipient’s risk of noncompliance with Federal statutes, regulations and the terms and conditions of the subaward. Further, the pass-through entity is required to perform certain monitoring activities to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Finally, the pass-through entity should also verify the subrecipient is audited as required by Subpart F - Audit Requirement under the Uniform Guidance. The monitoring policy should include an initial valuation of risk of noncompliance to determine the appropriate level of monitoring required related to the subaward as well as appropriate awarding documentation. Condition: The County did not appropriately identify two subrecipients of the grant and initially determined them to be contractors. The County failed to perform any subrecipient monitoring as required by the Uniform Guidance. Cause: Due to the County’s failure to understand the sub-recipient monitoring requirements, two of subawards were incorrectly identified as contractors and none of the required award and monitoring procedures were performed for the four subrecipients of the grant. Effect: Insufficient procedures and internal controls related to subrecipients resulted in noncompliance. Questioned Costs: No questioned costs were identified as a result of our procedures. 16 Summit County, Colorado Schedule of Findings and Questioned Costs Year Ended December 31, 2023 Context/Sampling: All four subrecipients were selected for subrecipient monitoring testing. Repeat Finding from Prior Years: No. Recommendation: We recommend that the County establish and adhere to policies and procedures, including internal controls, to ensure compliance with subrecipient monitoring requirements as established by 2 CFR 200.331 and 2 CFR 200.332. Views of Responsible Officials: Management agrees with the finding.
Finding # 2023-003 Subrecipient Monitoring (Significant Deficiency) Information on the Federal Programs: Assistance Listing #98.001 USAID Foreign Assistance for Programs Overseas Criteria or Specific Requirement: § 200.332, Requirements for pass-through entities, requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. The statute also requires pass-through entities to include certain federal award identifying information within the subaward agreement. Condition: The Institute maintains subaward selection and monitoring policies. However, the policies do not include pre-prescribed monitoring procedures based on an assessed level of risk assigned in the subaward selection stage. Additionally, as part of our audit, we selected a sample of subawards charged to the major federal programs. We noted that a subaward agreement did not contain certain federal award identifying information, specifically the relevant Federal Assistance Listing Number (ALN). Cause: The Institute maintains subaward selection and monitoring policies that do not include preprescribed monitoring procedures based on an assessed level of risk. Additionally, Federal Assistance Listing Number were omitted from the subaward agreements based on an oversight during the subaward writing process. Effect or Potential Effect: The Institute may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Not including Federal Assistance Listing Numbers in the subaward agreement could lead to the subrecipient omitting the subaward from its Schedule of Expenditures of Federal Awards. Questioned Costs: N/A Context: The Institute executes subaward agreements under US Federal grants. Therefore, the Institute is subject to § 200.332 Requirements for pass-through entities. Our audit procedures consisted of testwork completed on subawards charged to the federal awards. The report in which samples were selected was generated directly from the Institute’s general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend that the Institute revise its subaward selection and monitoring policies to include pre-prescribed monitoring procedures based on an assessed level of risk assigned in the subaward selection stage. The assessed level of risk should be documented in a pre-award risk assessment. Additionally, we recommend that the Institute ensure that all subaward agreements include all elements required by §200.332.
Finding # 2023-003 Subrecipient Monitoring (Significant Deficiency) Information on the Federal Programs: Assistance Listing #98.001 USAID Foreign Assistance for Programs Overseas Criteria or Specific Requirement: § 200.332, Requirements for pass-through entities, requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. The statute also requires pass-through entities to include certain federal award identifying information within the subaward agreement. Condition: The Institute maintains subaward selection and monitoring policies. However, the policies do not include pre-prescribed monitoring procedures based on an assessed level of risk assigned in the subaward selection stage. Additionally, as part of our audit, we selected a sample of subawards charged to the major federal programs. We noted that a subaward agreement did not contain certain federal award identifying information, specifically the relevant Federal Assistance Listing Number (ALN). Cause: The Institute maintains subaward selection and monitoring policies that do not include preprescribed monitoring procedures based on an assessed level of risk. Additionally, Federal Assistance Listing Number were omitted from the subaward agreements based on an oversight during the subaward writing process. Effect or Potential Effect: The Institute may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Not including Federal Assistance Listing Numbers in the subaward agreement could lead to the subrecipient omitting the subaward from its Schedule of Expenditures of Federal Awards. Questioned Costs: N/A Context: The Institute executes subaward agreements under US Federal grants. Therefore, the Institute is subject to § 200.332 Requirements for pass-through entities. Our audit procedures consisted of testwork completed on subawards charged to the federal awards. The report in which samples were selected was generated directly from the Institute’s general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend that the Institute revise its subaward selection and monitoring policies to include pre-prescribed monitoring procedures based on an assessed level of risk assigned in the subaward selection stage. The assessed level of risk should be documented in a pre-award risk assessment. Additionally, we recommend that the Institute ensure that all subaward agreements include all elements required by §200.332.
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
Finding 2023-001: Subrecipient Pre-award Risk Assessment Information on the Federal Programs: All Programs Criteria or Specific Requirement: CFR § 200.332, "Requirements for pass-through entities", requires pass-through entities to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Condition: During our testing of subawards, we were unable to verify that pre-award risk assessment procedures were performed. We additionally noted that these requirements were not incorporated into the Organizations' current policies and procedures. Cause: The Organizations do not have a formal internal policy with respect to performing subaward risk assessments as required by Federal regulation at the execution of the subaward agreements or on a regular basis. Effect or Potential Effect: The Organizations may have inadvertently failed to perform monitoring procedures appropriate for a subrecipient’s assessed level of risk. Questioned Costs: N/A Context: The Organizations execute subaward agreements under US Federal grants. Therefore, the Organizations are subject to CFR § 200.332 "Requirements for pass-through entities". Our audit procedures consisted of testwork completed on subawards and individual expenditures charged to the Federal awards. The report in which samples were selected was generated directly from the Organizations' general ledger (accounting system). We consider our sample to be representative of the population. Identification as a Repeat Finding: N/A Recommendation: We recommend the Organizations develop a subaward policy to ensure the risk assessment procedures over its subrecipients are performed and documented prior to engagement. Based on these risk assessments, the Organizations should assign a risk level to each, and then determine the monitoring tools to apply based on these risk levels. We also recommend the Organizations require its subrecipients to submit financial reports demonstrating use of each advance before advancing more funds, to ensure subrecipients are expending funds appropriately. Recommended factors to consider when developing a policy are as follows: Refer to 2 CFR 200.331 part (a) for complete listing of data elements that are required to be included in every subaward, and incorporate this listing into the updated policies and procedures. Establish criteria to be used in the evaluation of the risk of noncompliance associated with the intended subrecipient for the purpose of determining the expected level of oversight during the period of performance. This evaluation should include a scaling system, such as high, medium or low risk (for example), and the monitoring tools and procedures to be performed at each of these levels (additional training, on-site reviews, types of and frequency of reporting, etc.).
FINDING 2023-002 Program Information: Temporary Assistance for Needy Families (ALN #93.558) Criteria or Specific Requirement (Including Statutory, Regulatory or Other Citation): Federal Compliance Requirement: M. Subrecipient Monitoring – The pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f). Condition: The Organization did not have sufficient monitoring processes in place to detect erroneous costs charged to the TANF grant. Cause: Lack of administrative oversight with respect to subrecipient monitoring requirements. Effect or Potential Effect: The Organization was not in compliance with subrecipient monitoring requirements. Questioned Costs: Amount below reportable threshold. Context: For 1 of 22 invoices the Organization did not perform sufficient subrecipient monitoring procedures to detect erroneous costs charged by the subrecipient. Identification as a Repeat Finding: No similar findings noted in the prior year. Recommendation: We recommend that the Organization enhance its policies and procedures over subrecipient monitoring to properly detect and prevent erroneous calculations. Views of Responsible Officials and Planned Corrective Actions: The Organization will properly monitor the subaward disbursed to provide reasonable assurance the subrecipient used the subaward for authorized purposes.