Assistance Listing Number, Federal Agency, and Program Name - U.S. Department of Labor H-1B Job Training Grants (ALN 17.268) and WIA/WIOA Pilots, Demonstrations, and Research Projects Strengthening Community Colleges Training Grants (ALN 17.261). Federal Award Identification Number and Year - HG-35916-21-60-A-26 and MI-35900-21-60-A-26. Pass-through Entity - None. Finding Type - Significant deficiency. Repeat Finding - No. Criteria - A passthrough entity must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification: (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass through entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass through entity, and contact information for awarding official of the Pass through entity; (xii) Assistance Listings number and Title; the pass through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2 CFR 200.332(a)). In addition, 2 CFR 200.332(d) states grantees are required to "Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition - The College had the following issues noted: (1) It did not include items (1)(ii) subrecipient's unique unique entity identifier and (1)(xi) Name of federal awarding agency, passthrough entity or contact information within their subrecipient agreement; (2) It was not monitoring the subrecipient budgets and performance plans to ensure objectives were met; and (3) It was not monitoring financial expenditures that were below planned thresholds. Questioned Costs - None. Context - There were 5 subrecipients for grant #17.268 and 6 subrecipients for grant #17.671. There was approval and review of expenditures submitted by all subrecipients on a timely basis. In addition, each subrecipient is required to complete and submit a quarterly narrative performance report which the College uses to prepare the quarterly narrative performance report submitted to the granting agency. Cause and Effect - The College did not have a system in place to monitor actual performance and financial measures against the planned activity as outlined in the subrecipient and grant agreements. The College was also not documenting the results of site visits of the subrecipients. Recommendation - The College should implement controls to have subrecipients track and report perfornance and financial for planned versus actual reporting on a monthly or quarterly basis. In addition, the College should complete a written report summarizing the results of each onsite visit to its subrecipients as required under Uniform Guidance. Views of Responsible Officials and Corrective Action Plan - Management agrees with the finding. The College has implemented a new Grants Administration Guide which covered initial risk assessment, subrecipient determination, subaward agreements, monitoring subrecipients and subrecipient reimbursements. In addition, the College has developed monthly metric reports for planned vs. actual outcomes which is to be completed by each subrecipient. The College has also scheduled formal site visits with each subrecipient to cover Financial status, metric verification, narrative overview and participant records and evaluation. A tool has been developed to summarize each site visit with recommendations. A written report will be provided to the subrecipients after each site visit.
Assistance Listing Number, Federal Agency, and Program Name - U.S. Department of Labor H-1B Job Training Grants (ALN 17.268) and WIA/WIOA Pilots, Demonstrations, and Research Projects Strengthening Community Colleges Training Grants (ALN 17.261). Federal Award Identification Number and Year - HG-35916-21-60-A-26 and MI-35900-21-60-A-26. Pass-through Entity - None. Finding Type - Significant deficiency. Repeat Finding - No. Criteria - A passthrough entity must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification: (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass through entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass through entity, and contact information for awarding official of the Pass through entity; (xii) Assistance Listings number and Title; the pass through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2 CFR 200.332(a)). In addition, 2 CFR 200.332(d) states grantees are required to "Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition - The College had the following issues noted: (1) It did not include items (1)(ii) subrecipient's unique unique entity identifier and (1)(xi) Name of federal awarding agency, passthrough entity or contact information within their subrecipient agreement; (2) It was not monitoring the subrecipient budgets and performance plans to ensure objectives were met; and (3) It was not monitoring financial expenditures that were below planned thresholds. Questioned Costs - None. Context - There were 5 subrecipients for grant #17.268 and 6 subrecipients for grant #17.671. There was approval and review of expenditures submitted by all subrecipients on a timely basis. In addition, each subrecipient is required to complete and submit a quarterly narrative performance report which the College uses to prepare the quarterly narrative performance report submitted to the granting agency. Cause and Effect - The College did not have a system in place to monitor actual performance and financial measures against the planned activity as outlined in the subrecipient and grant agreements. The College was also not documenting the results of site visits of the subrecipients. Recommendation - The College should implement controls to have subrecipients track and report perfornance and financial for planned versus actual reporting on a monthly or quarterly basis. In addition, the College should complete a written report summarizing the results of each onsite visit to its subrecipients as required under Uniform Guidance. Views of Responsible Officials and Corrective Action Plan - Management agrees with the finding. The College has implemented a new Grants Administration Guide which covered initial risk assessment, subrecipient determination, subaward agreements, monitoring subrecipients and subrecipient reimbursements. In addition, the College has developed monthly metric reports for planned vs. actual outcomes which is to be completed by each subrecipient. The College has also scheduled formal site visits with each subrecipient to cover Financial status, metric verification, narrative overview and participant records and evaluation. A tool has been developed to summarize each site visit with recommendations. A written report will be provided to the subrecipients after each site visit.
2023-097: Perform Responsibilities Outlined in the Agency Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-011; 2021-070; 2020-074; 2019-090; 2018-093 Type of Finding: Internal Control and Compliance Severity of Deficiency: Material Weakness Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.303(a); 2 CFR § 200.332 Known Questioned Costs: $0 Social Services’ Compliance Division (Compliance) continues to not adhere to its established approach to oversee the agency’s subrecipient monitoring activities, as outlined in its Agency Monitoring Plan. According to Social Services’ Organizational Structure Report, Compliance is responsible for agency-wide compliance and risk mitigation that helps to ensure adherence to state and federal legal and regulatory standards, including subrecipient monitoring. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds through roughly 5,400 subawards from 35 federal grant programs. During the audit, we noted the following deviations from the Agency Monitoring Plan: While Compliance has updated and finalized the Agency Monitoring Plan, it has not communicated it to Subrecipient Monitoring Coordinators in divisions with subrecipient monitoring responsibilities. Because of the lack of communication, there were deviations from the Agency Monitoring Plan at the division level. For example, the Agency Monitoring Plan requires each division to monitor subrecipients once every three years. However, the Local Review Team did not consider this requirement because Compliance did not communicate the Agency Monitoring Plan to Subrecipient Monitoring Coordinators. The Local Review Team did, however, implement a risk-based approach to monitoring subrecipients as required by the Agency Monitoring Plan. Compliance continues to not review division monitoring plans to ensure the divisions implement a risk-based approach for monitoring subrecipients. The Agency Monitoring Plan states that Compliance will use a Monitoring Plan Checklist to evaluate and determine if all the required elements for subrecipient monitoring are present in each division’s plan. Because of the lack of review, the Division of Benefit Programs’ (Benefit Programs) fiscal year 2023 monitoring plan did not meet all the requirements outlined in the Agency Monitoring Plan because it did not include a risk-based approach for subrecipient monitoring and did not consider all subrecipients who receive funding from the Temporary Assistance for Needy Families (TANF) federal grant program. Additionally, while the Office of New Americans has adequate subrecipient monitoring processes, it does not have a written monitoring plan as required by the Agency Monitoring Plan. Compliance continues to not analyze each division’s subrecipient monitoring activities. As a result, Compliance has not produced quarterly reports of variances and noncompliance to brief Social Services’ Executive Team on the agency’s subrecipient monitoring activities. Because of Compliance’s lack of analysis and communication, the Executive Team was unaware of the deviations noted above. Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Without performing the responsibilities in the Agency Monitoring Plan, Social Services cannot provide reasonable assurance that the agency has complied with pass-through entity federal requirements at 2 CFR § 200.332. Because of the scope of this matter and the magnitude of Social Services’ subrecipient monitoring responsibilities, we consider these weaknesses collectively to create a material weakness in internal control over compliance. Since the prior audit, Compliance and Social Services’ Executive Team have worked together to discuss solutions to address this audit finding. Social Services is considering procuring a grants management system and Compliance has worked with the agency’s Division of Information Technology to determine whether it can utilize this system to fulfil its subrecipient monitoring responsibilities. Compliance has also discussed the need for additional staff to assist with subrecipient monitoring oversight with the Executive Team. However, Compliance has not implemented these corrective actions as of the end of fiscal year 2023 because of the level of effort and considerations involved with these corrective actions. Therefore, Compliance should continue to work with the Executive Team to make sure that it has the appropriate level of resources to fulfil its responsibilities in the Agency Monitoring Plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-097: Perform Responsibilities Outlined in the Agency Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-011; 2021-070; 2020-074; 2019-090; 2018-093 Type of Finding: Internal Control and Compliance Severity of Deficiency: Material Weakness Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.303(a); 2 CFR § 200.332 Known Questioned Costs: $0 Social Services’ Compliance Division (Compliance) continues to not adhere to its established approach to oversee the agency’s subrecipient monitoring activities, as outlined in its Agency Monitoring Plan. According to Social Services’ Organizational Structure Report, Compliance is responsible for agency-wide compliance and risk mitigation that helps to ensure adherence to state and federal legal and regulatory standards, including subrecipient monitoring. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds through roughly 5,400 subawards from 35 federal grant programs. During the audit, we noted the following deviations from the Agency Monitoring Plan: While Compliance has updated and finalized the Agency Monitoring Plan, it has not communicated it to Subrecipient Monitoring Coordinators in divisions with subrecipient monitoring responsibilities. Because of the lack of communication, there were deviations from the Agency Monitoring Plan at the division level. For example, the Agency Monitoring Plan requires each division to monitor subrecipients once every three years. However, the Local Review Team did not consider this requirement because Compliance did not communicate the Agency Monitoring Plan to Subrecipient Monitoring Coordinators. The Local Review Team did, however, implement a risk-based approach to monitoring subrecipients as required by the Agency Monitoring Plan. Compliance continues to not review division monitoring plans to ensure the divisions implement a risk-based approach for monitoring subrecipients. The Agency Monitoring Plan states that Compliance will use a Monitoring Plan Checklist to evaluate and determine if all the required elements for subrecipient monitoring are present in each division’s plan. Because of the lack of review, the Division of Benefit Programs’ (Benefit Programs) fiscal year 2023 monitoring plan did not meet all the requirements outlined in the Agency Monitoring Plan because it did not include a risk-based approach for subrecipient monitoring and did not consider all subrecipients who receive funding from the Temporary Assistance for Needy Families (TANF) federal grant program. Additionally, while the Office of New Americans has adequate subrecipient monitoring processes, it does not have a written monitoring plan as required by the Agency Monitoring Plan. Compliance continues to not analyze each division’s subrecipient monitoring activities. As a result, Compliance has not produced quarterly reports of variances and noncompliance to brief Social Services’ Executive Team on the agency’s subrecipient monitoring activities. Because of Compliance’s lack of analysis and communication, the Executive Team was unaware of the deviations noted above. Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Without performing the responsibilities in the Agency Monitoring Plan, Social Services cannot provide reasonable assurance that the agency has complied with pass-through entity federal requirements at 2 CFR § 200.332. Because of the scope of this matter and the magnitude of Social Services’ subrecipient monitoring responsibilities, we consider these weaknesses collectively to create a material weakness in internal control over compliance. Since the prior audit, Compliance and Social Services’ Executive Team have worked together to discuss solutions to address this audit finding. Social Services is considering procuring a grants management system and Compliance has worked with the agency’s Division of Information Technology to determine whether it can utilize this system to fulfil its subrecipient monitoring responsibilities. Compliance has also discussed the need for additional staff to assist with subrecipient monitoring oversight with the Executive Team. However, Compliance has not implemented these corrective actions as of the end of fiscal year 2023 because of the level of effort and considerations involved with these corrective actions. Therefore, Compliance should continue to work with the Executive Team to make sure that it has the appropriate level of resources to fulfil its responsibilities in the Agency Monitoring Plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-097: Perform Responsibilities Outlined in the Agency Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-011; 2021-070; 2020-074; 2019-090; 2018-093 Type of Finding: Internal Control and Compliance Severity of Deficiency: Material Weakness Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.303(a); 2 CFR § 200.332 Known Questioned Costs: $0 Social Services’ Compliance Division (Compliance) continues to not adhere to its established approach to oversee the agency’s subrecipient monitoring activities, as outlined in its Agency Monitoring Plan. According to Social Services’ Organizational Structure Report, Compliance is responsible for agency-wide compliance and risk mitigation that helps to ensure adherence to state and federal legal and regulatory standards, including subrecipient monitoring. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds through roughly 5,400 subawards from 35 federal grant programs. During the audit, we noted the following deviations from the Agency Monitoring Plan: While Compliance has updated and finalized the Agency Monitoring Plan, it has not communicated it to Subrecipient Monitoring Coordinators in divisions with subrecipient monitoring responsibilities. Because of the lack of communication, there were deviations from the Agency Monitoring Plan at the division level. For example, the Agency Monitoring Plan requires each division to monitor subrecipients once every three years. However, the Local Review Team did not consider this requirement because Compliance did not communicate the Agency Monitoring Plan to Subrecipient Monitoring Coordinators. The Local Review Team did, however, implement a risk-based approach to monitoring subrecipients as required by the Agency Monitoring Plan. Compliance continues to not review division monitoring plans to ensure the divisions implement a risk-based approach for monitoring subrecipients. The Agency Monitoring Plan states that Compliance will use a Monitoring Plan Checklist to evaluate and determine if all the required elements for subrecipient monitoring are present in each division’s plan. Because of the lack of review, the Division of Benefit Programs’ (Benefit Programs) fiscal year 2023 monitoring plan did not meet all the requirements outlined in the Agency Monitoring Plan because it did not include a risk-based approach for subrecipient monitoring and did not consider all subrecipients who receive funding from the Temporary Assistance for Needy Families (TANF) federal grant program. Additionally, while the Office of New Americans has adequate subrecipient monitoring processes, it does not have a written monitoring plan as required by the Agency Monitoring Plan. Compliance continues to not analyze each division’s subrecipient monitoring activities. As a result, Compliance has not produced quarterly reports of variances and noncompliance to brief Social Services’ Executive Team on the agency’s subrecipient monitoring activities. Because of Compliance’s lack of analysis and communication, the Executive Team was unaware of the deviations noted above. Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Without performing the responsibilities in the Agency Monitoring Plan, Social Services cannot provide reasonable assurance that the agency has complied with pass-through entity federal requirements at 2 CFR § 200.332. Because of the scope of this matter and the magnitude of Social Services’ subrecipient monitoring responsibilities, we consider these weaknesses collectively to create a material weakness in internal control over compliance. Since the prior audit, Compliance and Social Services’ Executive Team have worked together to discuss solutions to address this audit finding. Social Services is considering procuring a grants management system and Compliance has worked with the agency’s Division of Information Technology to determine whether it can utilize this system to fulfil its subrecipient monitoring responsibilities. Compliance has also discussed the need for additional staff to assist with subrecipient monitoring oversight with the Executive Team. However, Compliance has not implemented these corrective actions as of the end of fiscal year 2023 because of the level of effort and considerations involved with these corrective actions. Therefore, Compliance should continue to work with the Executive Team to make sure that it has the appropriate level of resources to fulfil its responsibilities in the Agency Monitoring Plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-099: Communicate Responsibilities to Subrecipient Monitoring Coordinators Applicable to: Department of Social Services Prior Year Finding Number: 2022-012; 2021-069; 2020-076 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Compliance has not communicated responsibilities to subrecipient monitoring coordinators, as required by the Agency Monitoring Plan. Compliance’s Agency Monitoring Plan serves as a guide in the development, implementation, and coordination of division monitoring plans and aims to address accountability and provide consistency in monitoring activities across all Social Services’ divisions and offices. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds from roughly 5,400 subawards. Title 2 CFR § 200.332(d) requires pass-through entities to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Since the prior audit, Compliance has updated and finalized the Agency Monitoring Plan but has been unable to communicate it to the subrecipient monitoring coordinators because of a lack of available resources. Without communicating responsibilities to subrecipient monitoring coordinators, Compliance cannot provide assurance that Social Services adequately monitors all its subrecipients to ensure they are achieving program objectives or complying with federal requirements. Compliance should continue to work with Social Services’ Executive Team to obtain the appropriate resources so that it can communicate responsibilities to subrecipient monitoring coordinators. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-099: Communicate Responsibilities to Subrecipient Monitoring Coordinators Applicable to: Department of Social Services Prior Year Finding Number: 2022-012; 2021-069; 2020-076 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Compliance has not communicated responsibilities to subrecipient monitoring coordinators, as required by the Agency Monitoring Plan. Compliance’s Agency Monitoring Plan serves as a guide in the development, implementation, and coordination of division monitoring plans and aims to address accountability and provide consistency in monitoring activities across all Social Services’ divisions and offices. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds from roughly 5,400 subawards. Title 2 CFR § 200.332(d) requires pass-through entities to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Since the prior audit, Compliance has updated and finalized the Agency Monitoring Plan but has been unable to communicate it to the subrecipient monitoring coordinators because of a lack of available resources. Without communicating responsibilities to subrecipient monitoring coordinators, Compliance cannot provide assurance that Social Services adequately monitors all its subrecipients to ensure they are achieving program objectives or complying with federal requirements. Compliance should continue to work with Social Services’ Executive Team to obtain the appropriate resources so that it can communicate responsibilities to subrecipient monitoring coordinators. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-099: Communicate Responsibilities to Subrecipient Monitoring Coordinators Applicable to: Department of Social Services Prior Year Finding Number: 2022-012; 2021-069; 2020-076 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Compliance has not communicated responsibilities to subrecipient monitoring coordinators, as required by the Agency Monitoring Plan. Compliance’s Agency Monitoring Plan serves as a guide in the development, implementation, and coordination of division monitoring plans and aims to address accountability and provide consistency in monitoring activities across all Social Services’ divisions and offices. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds from roughly 5,400 subawards. Title 2 CFR § 200.332(d) requires pass-through entities to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Since the prior audit, Compliance has updated and finalized the Agency Monitoring Plan but has been unable to communicate it to the subrecipient monitoring coordinators because of a lack of available resources. Without communicating responsibilities to subrecipient monitoring coordinators, Compliance cannot provide assurance that Social Services adequately monitors all its subrecipients to ensure they are achieving program objectives or complying with federal requirements. Compliance should continue to work with Social Services’ Executive Team to obtain the appropriate resources so that it can communicate responsibilities to subrecipient monitoring coordinators. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-101: Verify that Monitoring Plan Includes All Subrecipient Programmatic Activities Applicable to: Department of Social Services Prior Year Finding Number: 2022-015 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558 Federal Award Number and Year: 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b); 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs fiscal year 2023 monitoring plan did not include all subrecipient programmatic activities for the TANF federal grant program. Benefit Programs’ primary programmatic activity for the TANF federal grant program is eligibility determination functions performed by local agencies. However, Benefit Programs also awards various competitive grants to local governments and non-profit organizations to help TANF recipients become self-sufficient. According to 2 CFR § 200.322(b) all pass-through entities are required to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure it uses the subaward for authorized purposes, which comply with federal statutes, regulations, and the terms and conditions of the subaward; and that the subrecipient achieves subaward performance goals. Without including all programmatic activities in the monitoring plan, Benefit Programs cannot provide assurance that subrecipients used TANF federal grant funds for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. In response to the prior year’s audit recommendation, Benefit Programs’ management analyzed all its programmatic activities and verified that they were incorporated into its fiscal year 2024 monitoring plan. As part of its corrective action, Benefit Programs’ management mandated that home office staff monitor subrecipients receiving TANF competitive grants once every three years and complete risk assessment procedures in other years to verify that there have not been any changes in the subrecipient’s risk profile. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that it includes all programmatic activities within its monitoring plan and that it conducts monitoring activities in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-101: Verify that Monitoring Plan Includes All Subrecipient Programmatic Activities Applicable to: Department of Social Services Prior Year Finding Number: 2022-015 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558 Federal Award Number and Year: 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b); 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs fiscal year 2023 monitoring plan did not include all subrecipient programmatic activities for the TANF federal grant program. Benefit Programs’ primary programmatic activity for the TANF federal grant program is eligibility determination functions performed by local agencies. However, Benefit Programs also awards various competitive grants to local governments and non-profit organizations to help TANF recipients become self-sufficient. According to 2 CFR § 200.322(b) all pass-through entities are required to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure it uses the subaward for authorized purposes, which comply with federal statutes, regulations, and the terms and conditions of the subaward; and that the subrecipient achieves subaward performance goals. Without including all programmatic activities in the monitoring plan, Benefit Programs cannot provide assurance that subrecipients used TANF federal grant funds for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. In response to the prior year’s audit recommendation, Benefit Programs’ management analyzed all its programmatic activities and verified that they were incorporated into its fiscal year 2024 monitoring plan. As part of its corrective action, Benefit Programs’ management mandated that home office staff monitor subrecipients receiving TANF competitive grants once every three years and complete risk assessment procedures in other years to verify that there have not been any changes in the subrecipient’s risk profile. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that it includes all programmatic activities within its monitoring plan and that it conducts monitoring activities in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-101: Verify that Monitoring Plan Includes All Subrecipient Programmatic Activities Applicable to: Department of Social Services Prior Year Finding Number: 2022-015 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558 Federal Award Number and Year: 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b); 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs fiscal year 2023 monitoring plan did not include all subrecipient programmatic activities for the TANF federal grant program. Benefit Programs’ primary programmatic activity for the TANF federal grant program is eligibility determination functions performed by local agencies. However, Benefit Programs also awards various competitive grants to local governments and non-profit organizations to help TANF recipients become self-sufficient. According to 2 CFR § 200.322(b) all pass-through entities are required to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure it uses the subaward for authorized purposes, which comply with federal statutes, regulations, and the terms and conditions of the subaward; and that the subrecipient achieves subaward performance goals. Without including all programmatic activities in the monitoring plan, Benefit Programs cannot provide assurance that subrecipients used TANF federal grant funds for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. In response to the prior year’s audit recommendation, Benefit Programs’ management analyzed all its programmatic activities and verified that they were incorporated into its fiscal year 2024 monitoring plan. As part of its corrective action, Benefit Programs’ management mandated that home office staff monitor subrecipients receiving TANF competitive grants once every three years and complete risk assessment procedures in other years to verify that there have not been any changes in the subrecipient’s risk profile. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that it includes all programmatic activities within its monitoring plan and that it conducts monitoring activities in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
FINDING 2023-002 Subject: COVID-19 - Education Stabilization Fund - Subrecipient Monitoring Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425U Federal Award Number and Year (or Other Identifying Number): S425U210013 Compliance Requirement: Subrecipient Monitoring Audit Findings: Material Weakness, Modified Opinion Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, material noncompliance related to the COVID-19 - Education Stabilization Fund (ESF) funds passed through to subrecipients. The School Corporation received and passed through to subrecipients $420,500 of ESF funds. The School Corporation is to clearly identify the award and applicable requirements to the subrecipients, evaluate the risk of noncompliance related to the subrecipients to determine appropriate monitoring of the subaward, and monitor the activities of the subrecipients to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. The School Corporation did not enter into an agreement with the subrecipients. As such there is no agreement between the School Corporation and the subrecipients that clearly identifies the award as a subaward or includes all the required data elements. In addition, the School Corporation did not have any policies or procedures in place to evaluate the subrecipients' risk of noncompliance or to monitor the activity of the subrecipients. Per inquiry of the School Corporation, it was determined an evaluation of the risk of noncompliance for the subrecipients was not completed, nor did the subrecipients' files support any such evaluation. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.332 states: "All pass-through entities must: INDIANA STATE BOARD OF ACCOUNTS 18 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and include the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward notification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification. (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the passthrough entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; INDIANA STATE BOARD OF ACCOUNTS 19 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (3) Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; (4) (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the pass-through entity must determine the appropriate rate in collaboration with the subrecipient, which is either: (A) The negotiated indirect cost rate between the pass-through entity and the subrecipient; which can be based on a prior negotiated rate between a different PTE and the same subrecipient. If basing the rate on a previously negotiated rate, the passthrough entity is not required to collect information justifying this rate, but may elect to do so; (B) The de minimis indirect cost rate. (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. Subrecipients can elect to use the cost allocation method to account for indirect costs in accordance with § 200.405(d). (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and (6) Appropriate terms and conditions concerning closeout of the subaward. . . . (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. INDIANA STATE BOARD OF ACCOUNTS 20 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on programrelated matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in § 200.425. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. INDIANA STATE BOARD OF ACCOUNTS 21 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (h) Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations." Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, the School Corporation did not properly evaluate the subrecipients risk of noncompliance or adequately monitor the subrecipients. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls, including segregation of duties, to evaluate the subrecipients risk of noncompliance and adequately monitor the subrecipients. Additionally, policies and procedures should be implemented to ensure appropriate reviews, approvals, and oversight are taking place, as needed, to evaluate and monitor its subrecipients. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2301CAFOST and 2023, 2201CAFOST and 2022 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Instance of Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: • 2 CFR Part 200.332(a), Requirements for Pass-Through Entities, states that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information as well as all the requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations, and the terms and conditions of the award. • 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). • 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). • 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 22/23-91 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management). Condition: The Social Services Agency (SSA) did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring or for subrecipient monitoring for the Foster Care program. Additionally, the following information was not provided at the time of the subaward for ten (10) of fourteen (14) subawards selected for testing from the SSA’s for the Foster Care program: • Subrecipient’s unique entity identifier • Federal award identification number • Federal award date of award to recipient by the Federal agency • Subaward period of performance • Amount of federal funds obligated to the subrecipient • Amount of federal funds committed to the subrecipient • Federal award project description • Name of federal awarding agency • CFDA/Assistance Listing number • Identification of whether the award is research and development • Indirect cost rate During our testing, we noted for four (4) of fourteen (14) subrecipients selected, SSA did not have documentation that the SAM clearance was performed prior to entering the contract with the subrecipient. The County’s policy was to verify the subrecipient was not suspended or debarred prior to entering the contract, but the County did not retain evidence of this check prior to entering the contract. Cause: The SSA’s procedures did not consistently ensure that the required award information and applicable requires were communicated to the subrecipients. The SSA did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the SSA did not maintain documentation of their verification that every subrecipient is audited, as required. Additionally, the SSA department did not follow their policy to retain documentation of the verification of the information prior to entering the contract. Effect: The County’s control policies were not consistently followed which require compliance with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Additionally, the County’s control policies were not consistently followed, which required documentation of the verification prior to entering the contract. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of fourteen (14) out of seventy (70) subrecipients were sampled, which included seven (7) FFA, and seven (7) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2022-002,2022-005 and 2022-006. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. We recommend that the County adhere to their procedures requiring documentation of the SAM clearance prior to entering the contract. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2301CAFOST and 2023, 2201CAFOST and 2022 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Instance of Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: • 2 CFR Part 200.332(a), Requirements for Pass-Through Entities, states that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information as well as all the requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations, and the terms and conditions of the award. • 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). • 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). • 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 22/23-91 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management). Condition: The Social Services Agency (SSA) did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring or for subrecipient monitoring for the Foster Care program. Additionally, the following information was not provided at the time of the subaward for ten (10) of fourteen (14) subawards selected for testing from the SSA’s for the Foster Care program: • Subrecipient’s unique entity identifier • Federal award identification number • Federal award date of award to recipient by the Federal agency • Subaward period of performance • Amount of federal funds obligated to the subrecipient • Amount of federal funds committed to the subrecipient • Federal award project description • Name of federal awarding agency • CFDA/Assistance Listing number • Identification of whether the award is research and development • Indirect cost rate During our testing, we noted for four (4) of fourteen (14) subrecipients selected, SSA did not have documentation that the SAM clearance was performed prior to entering the contract with the subrecipient. The County’s policy was to verify the subrecipient was not suspended or debarred prior to entering the contract, but the County did not retain evidence of this check prior to entering the contract. Cause: The SSA’s procedures did not consistently ensure that the required award information and applicable requires were communicated to the subrecipients. The SSA did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the SSA did not maintain documentation of their verification that every subrecipient is audited, as required. Additionally, the SSA department did not follow their policy to retain documentation of the verification of the information prior to entering the contract. Effect: The County’s control policies were not consistently followed which require compliance with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Additionally, the County’s control policies were not consistently followed, which required documentation of the verification prior to entering the contract. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of fourteen (14) out of seventy (70) subrecipients were sampled, which included seven (7) FFA, and seven (7) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2022-002,2022-005 and 2022-006. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. We recommend that the County adhere to their procedures requiring documentation of the SAM clearance prior to entering the contract. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.