Failure to properly track grant expenditures. Federal programs impacted: 93.958 Block grants for community mental health services, 93.558 TANF DYS Questioned Costs: None Condition: The Clinic expended more than $750,000 in federal awards, triggering a single audit requirement, however when asked to prepare a SEFA/SESA multiple attempts were made and numbers changed numerous times throughout the audit. Client is unable to distinguish co-mingled federal and state funding and expenditures for DYS grants, one of the major programs tested. Client is able to maintain overall expenditures, but not on a segregated level. Appears tracking was done in the same manner as other program expenses. Client failed to maintain proper records to segregate federal and state funding as required by the Uniform Guidance. Criteria: 2 CFR section 200.329 states that one responsibility of the auditee is to monitor its activities under Federal awards. See also 200.332. Cause: Funding for the TANF DYS grant is received on a state and federal level. DHS is able to segregate in their tracking software but the Clinic belives they did not have the ability to separate these payements as they come from the same source and are often received in tandem, they did not have proper internal controls in place to segregate the funding received and related expenditures as required by the Uniform Guidance. Effect: Difficulty in establishing the SEFA/SESA, causing a delay in single audit testing. Co-mingling of federal and state funding used could present the possibility that expenses tested in single audit were paid for with the state portion of the grant. Recommendation: We recommend that the Clinic maintains an effort to track federal and state funding and expenditures separate from regular program expenditures, inquiring of granting agencies if needed by developing and implementing internal control policies related to grant funding and expenditure tracking. Management Response: Management believes it will be very difficult to segregate the fundings for the reasons listed above, but they mentioned they would request clarification from awarding agencies on which portion is federal and which is state in order to properly track.
Failure to properly track grant expenditures. Federal programs impacted: 93.958 Block grants for community mental health services, 93.558 TANF DYS Questioned Costs: None Condition: The Clinic expended more than $750,000 in federal awards, triggering a single audit requirement, however when asked to prepare a SEFA/SESA multiple attempts were made and numbers changed numerous times throughout the audit. Client is unable to distinguish co-mingled federal and state funding and expenditures for DYS grants, one of the major programs tested. Client is able to maintain overall expenditures, but not on a segregated level. Appears tracking was done in the same manner as other program expenses. Client failed to maintain proper records to segregate federal and state funding as required by the Uniform Guidance. Criteria: 2 CFR section 200.329 states that one responsibility of the auditee is to monitor its activities under Federal awards. See also 200.332. Cause: Funding for the TANF DYS grant is received on a state and federal level. DHS is able to segregate in their tracking software but the Clinic belives they did not have the ability to separate these payements as they come from the same source and are often received in tandem, they did not have proper internal controls in place to segregate the funding received and related expenditures as required by the Uniform Guidance. Effect: Difficulty in establishing the SEFA/SESA, causing a delay in single audit testing. Co-mingling of federal and state funding used could present the possibility that expenses tested in single audit were paid for with the state portion of the grant. Recommendation: We recommend that the Clinic maintains an effort to track federal and state funding and expenditures separate from regular program expenditures, inquiring of granting agencies if needed by developing and implementing internal control policies related to grant funding and expenditure tracking. Management Response: Management believes it will be very difficult to segregate the fundings for the reasons listed above, but they mentioned they would request clarification from awarding agencies on which portion is federal and which is state in order to properly track.
2023-001 – Subrecipient Information and Monitoring Grantor: Centers for Disease Control and Prevention (CDC) Passthrough Agency: Massachusetts Department of Public Health Program Name: Massachusetts Community Health Worker for Resilience Award Name: Community Health Workers for Public Health Response and Resilient Award Year: Various Award Number: INTF4207M03225031012 Assistance Listing Number: 93.495 Criteria The Uniform Guidance states that: a pass-through entity (PTE) must • Identify the Award and Applicable Requirements including clearly identify information to the subrecipient. • Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). • Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). Condition Through our testing of the subrecipient information and monitoring at the Alliance over the Massachusetts Community Health Worker for Resilience program, we selected four organizations to whom the Alliance passed federal funding through to during fiscal year 2023. For each of the four selections, the entity was not able to evidence that they provided all required information to subrecipients at the time of the subaward (or subsequent subaward modification), as per the OMB compliance supplement requirements. Specifically, as per the review of the sub-award agreement, we were not able to verify the below information was communicated to the subrecipient at the time of the execution of the subaward agreement: i) Sub-recipient's Unique Identity Number ii) The entity's Federal Award Identification Number iii) Name of Federal awarding agency iv) Contact information for awarding officials of CHA v) Assistance Listing Number and Title vi) Indirect cost rate for the Federal award In addition, it was noted that documentation of a risk assessment being performed prior to entering into the subcontract was not available for the four selections and there was no formal documentation of subsequent subrecipient monitoring. There was also no evidence of review of uniform guidance reports. Cause The Alliance has policies in place for subrecipient monitoring that address the communication of award information to the subrecipient, risk assessments and continued monitoring but due to lack of training and understanding, those policies were not executed properly on this award. Effect There was a lack of communication to the subrecipient regarding the subaward agreement. The lack of formal documentation of initial risk does not allow the Alliance to ensure consistency in their risk assessments of subrecipients nor does it allow for a formal annual reassessment of risk and a clear linking of these assessments to the level of subsequent subrecipient monitoring. Questioned Costs None noted. Recommendation We recommend the Alliance implement training and a template to be utilized for the communication of the subaward information as well as an initial risk assessment and a continuing reassessment. In addition to these tools, we recommend the Alliance consider the following: • Formalize procedures to communicate the subaward information to the subrecipient • Implementing a formal review of the initial assessment prior to entering into the agreement as well as continuing subrecipient risk reassessments, including review of Uniform Guidance Reports • Formalizing the monitoring that is expected when a subrecipient is categorized as high versus low risk and the departments/individuals responsible for such monitoring • Formalize the annual subrecipient risk assessment process and the criteria to be reviewed and ensure it includes all subrecipients. Input into this assessment should be obtained from various constituents, including the Key Personnel. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings.
Federal Program Information: Block Grants for Prevent and Treatment of Substance Abuse, ALN #COVID-19 - 93.959 Criteria: Requirements for pass-through-entities of federal awards as it relates to monitoring the activities of its subrecipients as specified in 2 CFR 200.332. Condition: The University did not comply with the terms of its subrecipient contracts in which they are required to obtain underlying expenditure detail prior to reimbursing the subrecipients from federal funds. Context: The University reimbursed four subrecipients without obtaining the detail of expenses incurred by the subrecipient. Payments were based on a narrative on progress towards the objectives or a prorated amount of the total award was paid to the subrecipient for the month. Questioned Cost: $0 Effect: Subrecipients received federal funds via the University for expenditures that did not have supporting expenditure detail at the time of reimbursement. Cause: The University did not enforce the contracts that they have with subrecipients, which state that cost detail must be submitted with each invoice. Final reporting requires expenditure detail to be provided by the subrecipient upon the completion of the contract period, however these subcontractors had not yet reached that milestone. Repeat Finding: No Recommendation: Crowe recommends the University require all subrecipients to submit cost detail that supports their request for reimbursement, as stated in the subrecipient agreements
Federal Program Information: Block Grants for Prevent and Treatment of Substance Abuse, ALN #COVID-19 - 93.959 Criteria: Requirements for pass-through-entities of federal awards as it relates to monitoring the activities of its subrecipients as specified in 2 CFR 200.332. Condition: The University did not comply with the terms of its subrecipient contracts in which they are required to obtain underlying expenditure detail prior to reimbursing the subrecipients from federal funds. Context: The University reimbursed four subrecipients without obtaining the detail of expenses incurred by the subrecipient. Payments were based on a narrative on progress towards the objectives or a prorated amount of the total award was paid to the subrecipient for the month. Questioned Cost: $0 Effect: Subrecipients received federal funds via the University for expenditures that did not have supporting expenditure detail at the time of reimbursement. Cause: The University did not enforce the contracts that they have with subrecipients, which state that cost detail must be submitted with each invoice. Final reporting requires expenditure detail to be provided by the subrecipient upon the completion of the contract period, however these subcontractors had not yet reached that milestone. Repeat Finding: No Recommendation: Crowe recommends the University require all subrecipients to submit cost detail that supports their request for reimbursement, as stated in the subrecipient agreements
Federal Program Information: Block Grants for Prevent and Treatment of Substance Abuse, ALN #COVID-19 - 93.959 Criteria: Requirements for pass-through-entities of federal awards as it relates to monitoring the activities of its subrecipients as specified in 2 CFR 200.332. Condition: The University did not comply with the terms of its subrecipient contracts in which they are required to obtain underlying expenditure detail prior to reimbursing the subrecipients from federal funds. Context: The University reimbursed four subrecipients without obtaining the detail of expenses incurred by the subrecipient. Payments were based on a narrative on progress towards the objectives or a prorated amount of the total award was paid to the subrecipient for the month. Questioned Cost: $0 Effect: Subrecipients received federal funds via the University for expenditures that did not have supporting expenditure detail at the time of reimbursement. Cause: The University did not enforce the contracts that they have with subrecipients, which state that cost detail must be submitted with each invoice. Final reporting requires expenditure detail to be provided by the subrecipient upon the completion of the contract period, however these subcontractors had not yet reached that milestone. Repeat Finding: No Recommendation: Crowe recommends the University require all subrecipients to submit cost detail that supports their request for reimbursement, as stated in the subrecipient agreements
Federal Program Information: Block Grants for Prevent and Treatment of Substance Abuse, ALN #COVID-19 - 93.959 Criteria: Requirements for pass-through-entities of federal awards as it relates to monitoring the activities of its subrecipients as specified in 2 CFR 200.332. Condition: The University did not comply with the terms of its subrecipient contracts in which they are required to obtain underlying expenditure detail prior to reimbursing the subrecipients from federal funds. Context: The University reimbursed four subrecipients without obtaining the detail of expenses incurred by the subrecipient. Payments were based on a narrative on progress towards the objectives or a prorated amount of the total award was paid to the subrecipient for the month. Questioned Cost: $0 Effect: Subrecipients received federal funds via the University for expenditures that did not have supporting expenditure detail at the time of reimbursement. Cause: The University did not enforce the contracts that they have with subrecipients, which state that cost detail must be submitted with each invoice. Final reporting requires expenditure detail to be provided by the subrecipient upon the completion of the contract period, however these subcontractors had not yet reached that milestone. Repeat Finding: No Recommendation: Crowe recommends the University require all subrecipients to submit cost detail that supports their request for reimbursement, as stated in the subrecipient agreements
Federal Program Information: Block Grants for Prevent and Treatment of Substance Abuse, ALN #COVID-19 - 93.959 Criteria: Requirements for pass-through-entities of federal awards as it relates to monitoring the activities of its subrecipients as specified in 2 CFR 200.332. Condition: The University did not comply with the terms of its subrecipient contracts in which they are required to obtain underlying expenditure detail prior to reimbursing the subrecipients from federal funds. Context: The University reimbursed four subrecipients without obtaining the detail of expenses incurred by the subrecipient. Payments were based on a narrative on progress towards the objectives or a prorated amount of the total award was paid to the subrecipient for the month. Questioned Cost: $0 Effect: Subrecipients received federal funds via the University for expenditures that did not have supporting expenditure detail at the time of reimbursement. Cause: The University did not enforce the contracts that they have with subrecipients, which state that cost detail must be submitted with each invoice. Final reporting requires expenditure detail to be provided by the subrecipient upon the completion of the contract period, however these subcontractors had not yet reached that milestone. Repeat Finding: No Recommendation: Crowe recommends the University require all subrecipients to submit cost detail that supports their request for reimbursement, as stated in the subrecipient agreements
Federal Program Information: Block Grants for Prevent and Treatment of Substance Abuse, ALN #COVID-19 - 93.959 Criteria: Requirements for pass-through-entities of federal awards as it relates to monitoring the activities of its subrecipients as specified in 2 CFR 200.332. Condition: The University did not comply with the terms of its subrecipient contracts in which they are required to obtain underlying expenditure detail prior to reimbursing the subrecipients from federal funds. Context: The University reimbursed four subrecipients without obtaining the detail of expenses incurred by the subrecipient. Payments were based on a narrative on progress towards the objectives or a prorated amount of the total award was paid to the subrecipient for the month. Questioned Cost: $0 Effect: Subrecipients received federal funds via the University for expenditures that did not have supporting expenditure detail at the time of reimbursement. Cause: The University did not enforce the contracts that they have with subrecipients, which state that cost detail must be submitted with each invoice. Final reporting requires expenditure detail to be provided by the subrecipient upon the completion of the contract period, however these subcontractors had not yet reached that milestone. Repeat Finding: No Recommendation: Crowe recommends the University require all subrecipients to submit cost detail that supports their request for reimbursement, as stated in the subrecipient agreements
Finding 2023-002: Federal Funding Accountability and Transparency Act (FFATA) Reporting Information on the Federal Programs: Assistance Listing Number 19.518 Criteria: The FFATA Subaward Reporting System (FSRS) is the reporting tool Federal prime awardees use to capture and report subaward and executive compensation data regarding their firsttier subawards to meet the FFATA reporting requirements. Prime Awardees awarded a Federal grant are required to file a FFATA sub-award report by the end of the month following the month in which the prime awardee awards any sub-grant equal to or greater than $30,000. Criteria (continued): CFR 200.332(a) states that entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information related to the Federal award project description, as required to be responsive to FFATA. CFR 200.341(c) states that the entity must provide the information required under FFATA to the Federal website established to fulfill the requirements of FFATA, and update or notify any other relevant governmentwide systems or entities of any indications of poor performance (or issues related to suspension or debarment). Condition: Asylum Access has not complied with the aforementioned criteria (we noted no evidence of a FFATA reporting process). Cause: Asylum Access does not maintain documented policies regarding FFATA reporting and therefore compliance with Federal regulations cannot be determined. Context: Absent proper policies and procedures, Asylum Access is at risk of entering into sub-awards under Federal awards that were not properly reported and therefore could result in noncompliance with FFATA requirements. Effect: Asylum Access did not comply with the requirements noted above. Questioned Costs: None noted. Identification as a Repeat Finding: N/A Recommendation: We recommend Asylum Access establish a FFATA reporting policy to become compliant with the aforementioned requirements. We further recommend it ensure all staff are properly trained with respect to the new policy to ensure compliance. In cases where Asylum Access is exempt from reporting or qualifies for a reporting waiver, that conclusion should be documented in its subgrantee records.
Finding 2023-002: Federal Funding Accountability and Transparency Act (FFATA) Reporting Information on the Federal Programs: Assistance Listing Number 19.518 Criteria: The FFATA Subaward Reporting System (FSRS) is the reporting tool Federal prime awardees use to capture and report subaward and executive compensation data regarding their firsttier subawards to meet the FFATA reporting requirements. Prime Awardees awarded a Federal grant are required to file a FFATA sub-award report by the end of the month following the month in which the prime awardee awards any sub-grant equal to or greater than $30,000. Criteria (continued): CFR 200.332(a) states that entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information related to the Federal award project description, as required to be responsive to FFATA. CFR 200.341(c) states that the entity must provide the information required under FFATA to the Federal website established to fulfill the requirements of FFATA, and update or notify any other relevant governmentwide systems or entities of any indications of poor performance (or issues related to suspension or debarment). Condition: Asylum Access has not complied with the aforementioned criteria (we noted no evidence of a FFATA reporting process). Cause: Asylum Access does not maintain documented policies regarding FFATA reporting and therefore compliance with Federal regulations cannot be determined. Context: Absent proper policies and procedures, Asylum Access is at risk of entering into sub-awards under Federal awards that were not properly reported and therefore could result in noncompliance with FFATA requirements. Effect: Asylum Access did not comply with the requirements noted above. Questioned Costs: None noted. Identification as a Repeat Finding: N/A Recommendation: We recommend Asylum Access establish a FFATA reporting policy to become compliant with the aforementioned requirements. We further recommend it ensure all staff are properly trained with respect to the new policy to ensure compliance. In cases where Asylum Access is exempt from reporting or qualifies for a reporting waiver, that conclusion should be documented in its subgrantee records.
Federal Agency: U.S. Department of the Treasury Federal Program Name: • Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: • 21.027 Federal Award Identification Number: SLFRP0126 Pass-Through Agency: State of Colorado Department of Human Services (CDHS), Signal Behavioral Health Network, and City and Country of Broomfield Department of Health and Human Services Pass-Through Number(s): N/A Award Period: 7/1/2022 – 6/30/2023 Type of Finding: • Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or specific requirement: According to § 2 CFR 200.332 Requirements for Pass-through Entities, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition: The Organization lacked a process to complete a risk assessment that would allow the Organization to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Questioned costs: None. Context: We noted the Organization is not in compliance with requirements defined within 2 CFR §200.332(b). Cause: The Organization lacks established internal controls and procedures that ensure a complete risk assessment is performed on all Subrecipients. Effect: The lack of internal controls over this compliance requirement provides an opportunity for noncompliance. Repeat Finding: Yes - Modified: 2022-004 Recommendation: The Organization created a Subrecipient Monitoring Policy in fiscal year 2023 to include performing subrecipient risk assessments on all subrecipient relationships entered into by the Organization. As part of the Organization’s subrecipient monitoring process it received an incomplete audit report from a subrecipient and as a result the Organization was not aware of the audit findings the subrecipient had received. We recommend the Organization utilize the federal audit clearinghouse to verify the audit reports the subrecipients are providing. Views of responsible officials: Management concurs with the audit finding. Subrecipient monitoring was performed per the existing policy but the subrecipient provided inaccurate information on the monitoring questionnaire and incomplete audit information. The information provided by the subrecipient was not verified against the Federal Audit Clearinghouse. The risk assessment policy will be updated to ensure that information provided by subrecipients is verified against the Federal Audit Clearinghouse to ensure a complete risk assessment is performed.
Federal Agency: U.S. Department of the Treasury Federal Program Name: • Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: • 21.027 Federal Award Identification Number: SLFRP0126 Pass-Through Agency: State of Colorado Department of Human Services (CDHS), Signal Behavioral Health Network, and City and Country of Broomfield Department of Health and Human Services Pass-Through Number(s): N/A Award Period: 7/1/2022 – 6/30/2023 Type of Finding: • Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or specific requirement: According to § 2 CFR 200.332 Requirements for Pass-through Entities, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition: The Organization lacked a process to complete a risk assessment that would allow the Organization to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Questioned costs: None. Context: We noted the Organization is not in compliance with requirements defined within 2 CFR §200.332(b). Cause: The Organization lacks established internal controls and procedures that ensure a complete risk assessment is performed on all Subrecipients. Effect: The lack of internal controls over this compliance requirement provides an opportunity for noncompliance. Repeat Finding: Yes - Modified: 2022-004 Recommendation: The Organization created a Subrecipient Monitoring Policy in fiscal year 2023 to include performing subrecipient risk assessments on all subrecipient relationships entered into by the Organization. As part of the Organization’s subrecipient monitoring process it received an incomplete audit report from a subrecipient and as a result the Organization was not aware of the audit findings the subrecipient had received. We recommend the Organization utilize the federal audit clearinghouse to verify the audit reports the subrecipients are providing. Views of responsible officials: Management concurs with the audit finding. Subrecipient monitoring was performed per the existing policy but the subrecipient provided inaccurate information on the monitoring questionnaire and incomplete audit information. The information provided by the subrecipient was not verified against the Federal Audit Clearinghouse. The risk assessment policy will be updated to ensure that information provided by subrecipients is verified against the Federal Audit Clearinghouse to ensure a complete risk assessment is performed.
Federal Agency: U.S. Department of the Treasury Federal Program Name: • Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: • 21.027 Federal Award Identification Number: SLFRP0126 Pass-Through Agency: State of Colorado Department of Human Services (CDHS), Signal Behavioral Health Network, and City and Country of Broomfield Department of Health and Human Services Pass-Through Number(s): N/A Award Period: 7/1/2022 – 6/30/2023 Type of Finding: • Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or specific requirement: According to § 2 CFR 200.332 Requirements for Pass-through Entities, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition: The Organization lacked a process to complete a risk assessment that would allow the Organization to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Questioned costs: None. Context: We noted the Organization is not in compliance with requirements defined within 2 CFR §200.332(b). Cause: The Organization lacks established internal controls and procedures that ensure a complete risk assessment is performed on all Subrecipients. Effect: The lack of internal controls over this compliance requirement provides an opportunity for noncompliance. Repeat Finding: Yes - Modified: 2022-004 Recommendation: The Organization created a Subrecipient Monitoring Policy in fiscal year 2023 to include performing subrecipient risk assessments on all subrecipient relationships entered into by the Organization. As part of the Organization’s subrecipient monitoring process it received an incomplete audit report from a subrecipient and as a result the Organization was not aware of the audit findings the subrecipient had received. We recommend the Organization utilize the federal audit clearinghouse to verify the audit reports the subrecipients are providing. Views of responsible officials: Management concurs with the audit finding. Subrecipient monitoring was performed per the existing policy but the subrecipient provided inaccurate information on the monitoring questionnaire and incomplete audit information. The information provided by the subrecipient was not verified against the Federal Audit Clearinghouse. The risk assessment policy will be updated to ensure that information provided by subrecipients is verified against the Federal Audit Clearinghouse to ensure a complete risk assessment is performed.
Noncompliance and Significant Deficiency in Internal Controls over Compliance for Subrecipient Monitoring Identification data: U.S. Department of Health and Human Services (HHS) – Mental and Behavioral Health Education and Training Grants, Assistance Listing No. 93.732, Agreement Identifying No. M0142518. Criteria: Title 2 CFR §200.332 describes subrecipient monitoring requirements for pass-through entities, which include the requirement that pass-through entities ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes but is not limited to: • Subrecipient name (which must match the name associated with its unique entity identifier); • Subrecipient's unique entity identifier; • Federal Award Identification Number (FAIN); • Subaward Period of Performance Start and End Date; • Subaward Budget Period Start and End Date; • Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; • Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; • Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); • Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; • Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; • Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. • All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; • Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; • A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and • Appropriate terms and conditions concerning closeout of the subaward. Condition: The Organization did not have a process of generating a subaward agreement that was in compliance with the criteria listed above. Cause: A breakdown in the Organization’s internal controls over subrecipient monitoring did not allow the Organization to fully meet the subrecipient monitoring requirements under the program. Effect or potential effect: The control deficiency is a significant deficiency that prevented the Organization from fully complying with the subrecipient monitoring requirements of the program. Identification of a Repeat Finding: New finding. Recommendation: The Organization should review its system of internal control over subrecipient monitoring to determine improvements that can be made to ensure the Organization has agreements that meet the required criteria identified above. Views of Responsible Officials: The Organization misunderstood the directions given by the Grants Management Specialist in this instance. The Organization has reviewed the requirements of Compliance for Subrecipient Monitoring and has controls in place to ensure those requirements are followed.
2023-001 - Subrecipient Monitoring Federal Program Information: U.S. Department of Education Passed through the State of Vermont Agency of Education ALN: 84.425 - Education Stabilization Fund Criteria: The following CFR(s) apply to this finding: 2 CFR 200.332(a) Condition: During audit procedures, it was identified that the Union did not have compliant subrecipient awards. Cause: The Union does not have a process to provide subawards to subrecipients. Effect: Subrecipient awards are not executed in compliance with the requirement above. Identification of Questioned Costs: None identified. Context: There were two subrecipents. It was determined that the Union did not have subawards for either subrecipient. This is not a statistically valid sample. Repeat Finding: This is not a repeat finding. Recommendation: It is recommended that the Union implements processes and procedures to ensure that they are following the criteria above. Views of Responsible Officials and Corrective Action Plan: Client agrees with finding, and the unabridged version of their response can be found in the Corrective Action Plan. Please see the Corrective Action Plan issued by the Two Rivers Supervisory Union.
2023-001 - Subrecipient Monitoring Federal Program Information: U.S. Department of Education Passed through the State of Vermont Agency of Education ALN: 84.425 - Education Stabilization Fund Criteria: The following CFR(s) apply to this finding: 2 CFR 200.332(a) Condition: During audit procedures, it was identified that the Union did not have compliant subrecipient awards. Cause: The Union does not have a process to provide subawards to subrecipients. Effect: Subrecipient awards are not executed in compliance with the requirement above. Identification of Questioned Costs: None identified. Context: There were two subrecipents. It was determined that the Union did not have subawards for either subrecipient. This is not a statistically valid sample. Repeat Finding: This is not a repeat finding. Recommendation: It is recommended that the Union implements processes and procedures to ensure that they are following the criteria above. Views of Responsible Officials and Corrective Action Plan: Client agrees with finding, and the unabridged version of their response can be found in the Corrective Action Plan. Please see the Corrective Action Plan issued by the Two Rivers Supervisory Union.
2023-004 (2019-015) SUBRECIPIENT MONITORING – Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Homeland Security Grant Program – 97.067 Award Period: Various Type of Finding: Significant Deficiency in Internal Control over Compliance Other Non-compliance Condition During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. • Homeland Security Grant Program – 97.067 o This program of the Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o This program of the Department lacked evidence that reviews of audits of subrecipients were performed that would allow the Department to identify any potential deficiencies that would require follow-up. Management’s Progress for Repeated Findings: Management made some progress in the performing of risk assessments and reviews of audits for Emergency Management Performance Grants, Disaster Grants – Public Assistance, and Pre-Disaster Mitigation programs. In other areas noted above, management has not yet implemented adequate controls to resolve the finding from the prior years. Criteria According to §200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department’s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department’s approved sub-recipients for monitoring purposes and risk designation. Effect The lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause The Department lacks established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
Program Information Research and Development Cluster: ALN 47.076 NSF Robert Noyce Teacher Scholarship Program, ALN 93.213 Research and Training in Complementary and Alternative Medicine Federal Award Year: July 1, 2022 – June 30, 2023 Criteria or Requirement Title 2, U.S. Code of Federal Regulations Part 200 (2 CFR 200.332), Requirements for pass-through entities requires that all pass-through entities must verify that every subrecipient is audited (as required by 2 CFR Part 200 Subpart F) when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Title 200 part 2 CFR 200.303 states that the Institution, as a federal grant recipient, must “establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition found, including facts that support the deficiency identified in the finding and information to provide proper perspective for judging the prevalence and consequences of the finding For 3 subrecipients selected for testing, evidence of controls to ensure that subrecipients had been audited in accordance with by 2 CFR Part 200 Subpart F, or were not subject to audit, was not available. Cause and Possible Asserted Effect The University did not have sufficient controls over collection and review of audit reports of subrecipients under 2 CFR Part 200 Subpart F. Identification of questioned costs and how they were computed None Sample statistically valid The sample was not intended to be, and was not, a statistically valid sample. Repeat Finding from prior year The audit finding is not a repeat finding. Recommendation We recommend that the University strengthen its controls over monitoring of subrecipients, in order to ensure that audit reports of subrecipients under 2 CFR Part 200 Subpart F are obtained and timely reviewed. Views on responsible officials Pacific University acknowledges the importance of an effective control environment and closely monitors activities of subrecipients under federal awards. Pacific was able to demonstrate that the selected subrecipients had appropriate audits under Subpart F (or were not subject to such audits). However, the University will enhance controls related to tracking such compliance.
Program Information Research and Development Cluster: ALN 47.076 NSF Robert Noyce Teacher Scholarship Program, ALN 93.213 Research and Training in Complementary and Alternative Medicine Federal Award Year: July 1, 2022 – June 30, 2023 Criteria or Requirement Title 2, U.S. Code of Federal Regulations Part 200 (2 CFR 200.332), Requirements for pass-through entities requires that all pass-through entities must verify that every subrecipient is audited (as required by 2 CFR Part 200 Subpart F) when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Title 200 part 2 CFR 200.303 states that the Institution, as a federal grant recipient, must “establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition found, including facts that support the deficiency identified in the finding and information to provide proper perspective for judging the prevalence and consequences of the finding For 3 subrecipients selected for testing, evidence of controls to ensure that subrecipients had been audited in accordance with by 2 CFR Part 200 Subpart F, or were not subject to audit, was not available. Cause and Possible Asserted Effect The University did not have sufficient controls over collection and review of audit reports of subrecipients under 2 CFR Part 200 Subpart F. Identification of questioned costs and how they were computed None Sample statistically valid The sample was not intended to be, and was not, a statistically valid sample. Repeat Finding from prior year The audit finding is not a repeat finding. Recommendation We recommend that the University strengthen its controls over monitoring of subrecipients, in order to ensure that audit reports of subrecipients under 2 CFR Part 200 Subpart F are obtained and timely reviewed. Views on responsible officials Pacific University acknowledges the importance of an effective control environment and closely monitors activities of subrecipients under federal awards. Pacific was able to demonstrate that the selected subrecipients had appropriate audits under Subpart F (or were not subject to such audits). However, the University will enhance controls related to tracking such compliance.
2023–011 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of the Interior Abandoned Mine Land Reclamation (AMLR) 15.252, Grant Award S16AF20058, Grant Award S18AF20000, Grant Award S19AF20000, Grant Award S19AF20020, Grant Award S20AF20008, Grant Award S20AF20038, Grant Award S20AF20094, Grant Award S21AF10040, Grant Award S22AF00013, Grant Award S22AF00039, Grant Award S23AF00013, Grant Award S23AF00059, Grant Award S23AF00107 Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(b) requires that all pass-through entities must: (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). Condition: We noted that the West Virginia Department of Environmental Protection (the Department) did not perform a subrecipient risk assessment. Therefore, the Department was unable to provide documentation supporting that the level of monitoring to be completed for each subrecipient was appropriate based on the risk assessment. Cause: The Department does not have policies and procedures in place surrounding the subrecipient monitoring compliance requirements and a risk assessment of subrecipients was not performed during the current fiscal year. Effect or Potential Effect: The Department does not have proper internal controls in place to ensure risk assessments are performed annually for all subrecipients. Questioned Costs: Unknown Context: Total federal expenditures and total subrecipient expenditures for the AMLR Grants program were $29,631,143 and $12,283,714, respectively, for the year ended June 30, 2023. There were 24 subrecipients during the year ended June 30, 2023. Identification as a Repeat Finding: This is not a repeat finding from the prior year. Recommendation: We recommend that the Department implement written policies and procedures to perform an annual risk assessment of subrecipients to determine the proper extent of monitoring procedures. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2023–038 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Health and Human Services Temporary Assistance for Needy Families (TANF) 93.558/COVID-19 93.558, Grant Award 2022 – 2201WVTANF, Grant Award 2023 – 2301WVTANF Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(a) requires that a pass-through entity “Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward.” Required information includes the Federal Award Identification Number (FAIN). Condition: For four of four subawards selected for testing for subrecipient monitoring, the West Virginia Department of Education (DOE) did not communicate the FAIN to the subrecipient in the subaward. Cause: There are insufficient internal controls in place surrounding what information is included in the subaward. Effect or Potential Effect: The DOE is not providing required information to their subrecipients and therefore, not complying with federal regulations. Questioned Costs: Unknown Context: The federal expenditures and subrecipient expenditures for TANF for the fiscal year ended June 30, 2023, were $85,510,454, and $18,789,521, respectively. Identification as a Repeat Finding: This is not a repeat finding from the prior year. Recommendation: We recommend that DOE implement policies and procedures to ensure that the subawards include all requirements information to be communication to subrecipients in line with federal regulations. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2023–038 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Health and Human Services Temporary Assistance for Needy Families (TANF) 93.558/COVID-19 93.558, Grant Award 2022 – 2201WVTANF, Grant Award 2023 – 2301WVTANF Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(a) requires that a pass-through entity “Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward.” Required information includes the Federal Award Identification Number (FAIN). Condition: For four of four subawards selected for testing for subrecipient monitoring, the West Virginia Department of Education (DOE) did not communicate the FAIN to the subrecipient in the subaward. Cause: There are insufficient internal controls in place surrounding what information is included in the subaward. Effect or Potential Effect: The DOE is not providing required information to their subrecipients and therefore, not complying with federal regulations. Questioned Costs: Unknown Context: The federal expenditures and subrecipient expenditures for TANF for the fiscal year ended June 30, 2023, were $85,510,454, and $18,789,521, respectively. Identification as a Repeat Finding: This is not a repeat finding from the prior year. Recommendation: We recommend that DOE implement policies and procedures to ensure that the subawards include all requirements information to be communication to subrecipients in line with federal regulations. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2023–047 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Health and Human Services Low-Income Home Energy Assistance 93.568/COVID-19 93.568, Grant Award G-2101WVE5C6, Grant Award G-2201WVLIEA, Grant Award G-2201WVLIEI, Grant Award G-2301WVLIEE, Grant Award G-2301WVLIEA, Grant Award G-2301WVLIEI Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).” Per 2 CFR 200.332(f), “All pass-through entities must: Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501.” Condition: During our testing of subrecipient monitoring for subrecipients subject to Uniform Guidance Audit Requirements, it was noted that for the five subrecipients selected that were subject to audit requirements, the management of the West Virginia Community Advancement and Development (WV CAD) was unable to provide supporting documentation that verified the agency performed due diligence to ensure that the subrecipients were properly audited in accordance with the provisions of 2 CFR 200.332(f). Cause: There was lack of supporting documentation provided to properly determine whether the WV CAD management properly verified whether all subrecipients had been audited that were required to be under the requirements of 2 CFR 200.332(f). Effect or Potential Effect: The WV CAD does not have proper internal controls in place to ensure policies and procedures surrounding subrecipient monitoring compliance requirements are in effect. The WV CAD does not have evidence to support that all subrecipients that were required to be audited were done so properly; therefore, this could result in subrecipients required to be audited not having an audit completed. Questioned Costs: N/A Context: Total expenditures and total subrecipient expenditures for the Low-Income Home Energy Assistance program for the year ended June 30, 2023, were $78,229,389 and $17,209,504, respectively. There were 16 total subrecipients and all 5 selected for testing were unable to provide information to support due diligence procedures over subrecipients. Identification as a Repeat Finding: This is not a repeat finding from the prior year. Recommendation: We recommend that the WV CAD management review policies and procedures for sufficiency and commit appropriate personnel to subrecipient monitoring to ensure they are in compliance with all federal requirements. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2023–047 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Health and Human Services Low-Income Home Energy Assistance 93.568/COVID-19 93.568, Grant Award G-2101WVE5C6, Grant Award G-2201WVLIEA, Grant Award G-2201WVLIEI, Grant Award G-2301WVLIEE, Grant Award G-2301WVLIEA, Grant Award G-2301WVLIEI Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).” Per 2 CFR 200.332(f), “All pass-through entities must: Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501.” Condition: During our testing of subrecipient monitoring for subrecipients subject to Uniform Guidance Audit Requirements, it was noted that for the five subrecipients selected that were subject to audit requirements, the management of the West Virginia Community Advancement and Development (WV CAD) was unable to provide supporting documentation that verified the agency performed due diligence to ensure that the subrecipients were properly audited in accordance with the provisions of 2 CFR 200.332(f). Cause: There was lack of supporting documentation provided to properly determine whether the WV CAD management properly verified whether all subrecipients had been audited that were required to be under the requirements of 2 CFR 200.332(f). Effect or Potential Effect: The WV CAD does not have proper internal controls in place to ensure policies and procedures surrounding subrecipient monitoring compliance requirements are in effect. The WV CAD does not have evidence to support that all subrecipients that were required to be audited were done so properly; therefore, this could result in subrecipients required to be audited not having an audit completed. Questioned Costs: N/A Context: Total expenditures and total subrecipient expenditures for the Low-Income Home Energy Assistance program for the year ended June 30, 2023, were $78,229,389 and $17,209,504, respectively. There were 16 total subrecipients and all 5 selected for testing were unable to provide information to support due diligence procedures over subrecipients. Identification as a Repeat Finding: This is not a repeat finding from the prior year. Recommendation: We recommend that the WV CAD management review policies and procedures for sufficiency and commit appropriate personnel to subrecipient monitoring to ensure they are in compliance with all federal requirements. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2023–055 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Homeland Security Disaster Grants – Public Assistance (Presidentially Declared Disasters) 97.036, Grant Award FEMA–4273-DR–WV, Grant Award FEMA–4331-DR–WV, Grant Award FEMA–4359-DR–WV, Grant Award FEMA–4378-DR–WV, Grant Award FEMA–4455-DR–WV, Grant Award FEMA–4517-DR–WV, Grant Award FEMA–4603-DR–WV, Grant Award FEMA–4605-DR–WV Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the West Virginia Division of Emergency Management (DEM) must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(b) requires that all pass-through entities must: (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). 2 CFR 200.332(f) required that all pass-through entities must “verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501.” Condition: The School Building Authority (SBA) did not perform subrecipient risk assessments. Additionally, SBA did not verify if subrecipients subject to be audited per 2 CFR 200.332(f) were audited as required. Cause: SBA does not have proper policies and procedures in place surrounding the subrecipient monitoring compliance requirements. Effect or Potential Effect: SBA is not in compliance with the subrecipient monitoring compliance requirements. Questioned Costs: Unknown Context: Total federal expenditures for the Disaster Grants – Public Assistance (Presidentially Declared Disasters) program were $123,949,127 for the year ended June 30, 2023. SBA had two subrecipients with subrecipient expenditures totaling $45,615,370 for the year ended June 30, 2023. Identification as a Repeat Finding: Prior Year Finding 2022–043 Recommendation: We recommend that SBA implement policies and procedures surrounding subrecipient monitoring to ensure they are in compliance with the subrecipient monitoring compliance requirements. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2023–055 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Homeland Security Disaster Grants – Public Assistance (Presidentially Declared Disasters) 97.036, Grant Award FEMA–4273-DR–WV, Grant Award FEMA–4331-DR–WV, Grant Award FEMA–4359-DR–WV, Grant Award FEMA–4378-DR–WV, Grant Award FEMA–4455-DR–WV, Grant Award FEMA–4517-DR–WV, Grant Award FEMA–4603-DR–WV, Grant Award FEMA–4605-DR–WV Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the West Virginia Division of Emergency Management (DEM) must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(b) requires that all pass-through entities must: (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). 2 CFR 200.332(f) required that all pass-through entities must “verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501.” Condition: The School Building Authority (SBA) did not perform subrecipient risk assessments. Additionally, SBA did not verify if subrecipients subject to be audited per 2 CFR 200.332(f) were audited as required. Cause: SBA does not have proper policies and procedures in place surrounding the subrecipient monitoring compliance requirements. Effect or Potential Effect: SBA is not in compliance with the subrecipient monitoring compliance requirements. Questioned Costs: Unknown Context: Total federal expenditures for the Disaster Grants – Public Assistance (Presidentially Declared Disasters) program were $123,949,127 for the year ended June 30, 2023. SBA had two subrecipients with subrecipient expenditures totaling $45,615,370 for the year ended June 30, 2023. Identification as a Repeat Finding: Prior Year Finding 2022–043 Recommendation: We recommend that SBA implement policies and procedures surrounding subrecipient monitoring to ensure they are in compliance with the subrecipient monitoring compliance requirements. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
Federal Agency: U.S. Department of Treasury Federal Program Name: Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Emergency Rental Assistance Program Assistance Listing Number: 21.027 and 21.023 Federal Award Identification Numberand Year: ALN 21.027 -Pub. L. No. 117-2 2021 ALN 21.023 -ERA0335 2021 Award Period: ALN 21.027 - 5/10/2021 - 12/31/2026 ALN 21.023 - 1/20/2021 - 9/30/2022 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: According to§ 200.303 Internal controls of 2 CFR Part 200, the non-federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. According to § 200.331 Subrecipient and contractor determinations of 2 CFR Part 200, a pass-through entity must make case-by case determinations whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. According to § 200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must: • Evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. • Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. • Verify that every subrecipient is audited as required by Subpart F ohhis part when it is expected that the subrecipient's federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in§ 200.501. • Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. According to the City's subrecipient monitoring policies and procedures, monitoring of subrecipients shall be conducted as often as may be required at the discretion of the Community Development Division or at least once per program year. An annual Risk Assessment will be completed to determine a ranking for the activity. The Risk Assessment ranking score will determine whether a monitoring review will occur. According to the City's Sub-recipient Agreement, the Sub-recipient will provide to the Department of Family and Community Services cumulative quarterly program performance reports covering the Services provided under this Agreement. Reports are due no later than fifteen (15) days after the end of the reporting quarter, and shall be in accordance with City of Albuquerque reporting instructions. Condition: During our testing, it was noted that the City did not follow federal subrecipient monitoring and management regulation nor its subrecipient monitoring policies and procedures. Management's Progress for Repeat Findings: This is a repeated and modified.finding. While the City has improved its efforts, there are still opportunities for improvement to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements as well as compliance with City policy. Questioned costs: None Context: During our testing, we noted the following exceptions related to subrecipient monitoring. ALN 21.027 • For one of the five subrecipients, the City did not utilize the risk assessment tool specific to ARPA which does have a different risk assessment ranking score determining the monitoring of the subrecipient. The City did, however, perform a monitoring visit for the subrecipient. • For one of the five subrecipients, the City was unable to locate the subrecipient/contract determination worksheet. • For one of the five subrecipients, the City was unable to locate the quarterly program performance reports submitted by the subrecipient. ALN 21.023 • For one of the five subrecipients, the most recent annual audit report for the year ended June 30, 2022 was not reviewed by the City nor included in the risk assessment. Cause: The City does not have sufficient internal controls to ensure appropriate risk assessment and subrecipient monitoring. Effect: The auditor noted instances of noncompliance. Recommendation: The City has developed standard City-wide subrecipient management and monitoring policies and procedures effective June 2023. We recommend the City design controls to ensure departments are abiding by the subrecipient management and monitoring policies and procedures including Individual departments that develop their own department specific and/or grant-specific subrecipient management policies and procedures. Management Response: The City agrees with the finding. The City's Grant Administrator will provide training to each City department which currently oversees subrecipients, ensuring that all department staff understand general and ARPA-specific subrecipient requirements. Additionally, the Grant Administrator will review City departments' subrecipient management checklists to ensure all required documentation is obtained from subrecipients and reviewed as required. This will be complete by June 30, 2024. Timeline and Responsible Position: June 2024 - Grants Administrator
Federal Agency: U.S. Department of Treasury Federal Program Name: Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Emergency Rental Assistance Program Assistance Listing Number: 21.027 and 21.023 Federal Award Identification Numberand Year: ALN 21.027 -Pub. L. No. 117-2 2021 ALN 21.023 -ERA0335 2021 Award Period: ALN 21.027 - 5/10/2021 - 12/31/2026 ALN 21.023 - 1/20/2021 - 9/30/2022 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: According to§ 200.303 Internal controls of 2 CFR Part 200, the non-federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. According to § 200.331 Subrecipient and contractor determinations of 2 CFR Part 200, a pass-through entity must make case-by case determinations whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. According to § 200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must: • Evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. • Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. • Verify that every subrecipient is audited as required by Subpart F ohhis part when it is expected that the subrecipient's federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in§ 200.501. • Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. According to the City's subrecipient monitoring policies and procedures, monitoring of subrecipients shall be conducted as often as may be required at the discretion of the Community Development Division or at least once per program year. An annual Risk Assessment will be completed to determine a ranking for the activity. The Risk Assessment ranking score will determine whether a monitoring review will occur. According to the City's Sub-recipient Agreement, the Sub-recipient will provide to the Department of Family and Community Services cumulative quarterly program performance reports covering the Services provided under this Agreement. Reports are due no later than fifteen (15) days after the end of the reporting quarter, and shall be in accordance with City of Albuquerque reporting instructions. Condition: During our testing, it was noted that the City did not follow federal subrecipient monitoring and management regulation nor its subrecipient monitoring policies and procedures. Management's Progress for Repeat Findings: This is a repeated and modified.finding. While the City has improved its efforts, there are still opportunities for improvement to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements as well as compliance with City policy. Questioned costs: None Context: During our testing, we noted the following exceptions related to subrecipient monitoring. ALN 21.027 • For one of the five subrecipients, the City did not utilize the risk assessment tool specific to ARPA which does have a different risk assessment ranking score determining the monitoring of the subrecipient. The City did, however, perform a monitoring visit for the subrecipient. • For one of the five subrecipients, the City was unable to locate the subrecipient/contract determination worksheet. • For one of the five subrecipients, the City was unable to locate the quarterly program performance reports submitted by the subrecipient. ALN 21.023 • For one of the five subrecipients, the most recent annual audit report for the year ended June 30, 2022 was not reviewed by the City nor included in the risk assessment. Cause: The City does not have sufficient internal controls to ensure appropriate risk assessment and subrecipient monitoring. Effect: The auditor noted instances of noncompliance. Recommendation: The City has developed standard City-wide subrecipient management and monitoring policies and procedures effective June 2023. We recommend the City design controls to ensure departments are abiding by the subrecipient management and monitoring policies and procedures including Individual departments that develop their own department specific and/or grant-specific subrecipient management policies and procedures. Management Response: The City agrees with the finding. The City's Grant Administrator will provide training to each City department which currently oversees subrecipients, ensuring that all department staff understand general and ARPA-specific subrecipient requirements. Additionally, the Grant Administrator will review City departments' subrecipient management checklists to ensure all required documentation is obtained from subrecipients and reviewed as required. This will be complete by June 30, 2024. Timeline and Responsible Position: June 2024 - Grants Administrator
FINDING 2023-001 Subject: Research and Development Cluster - Subrecipient Monitoring Federal Agencies: National Science Foundation, US Department of Education Federal Programs: Social, Behavioral, and Economic Sciences; Higher Education Institutional Aid Assistance Listings Numbers: 47.075, 84.031 Federal Award Numbers and Years (or Other Identifying Numbers): 1759694, P031F180072 Compliance Requirement: Subrecipient Monitoring Audit Findings: Material Weakness, Other Matters Condition and Context The University expended $1,076,005 in Research and Development funds during the audit period. Of that amount, $86,788 was passed through to five subrecipients. As a pass-through entity, the University was required to identify the award and applicable requirements and monitor the subrecipient. Procedures to monitor its subrecipients included the following: Reviewing financial and programmatic reports as required by the University. Following up and ensuring the subrecipient takes timely and appropriate actions on all deficiencies pertaining to the federal award provided to the subrecipient detected through audits, on-site reviews, and other means. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient. All five subrecipients expended more than $750,000 in federal awards in fiscal year 2022, thus subjecting each to a Single Audit as required by the Uniform Guidance. As such, each subrecipient was required to submit its Single Audit report to the Federal Audit Clearinghouse (FAC) by March 31, 2023. In November 2023, eight months after the subrecipients' report submission deadline, the University completed the review of the fiscal year 2022 audit reports for all five subrecipients. The delayed monitoring would not have allowed the University to follow up and ensure that the subrecipients took timely and appropriate action on all deficiencies pertaining to the federal awards passed through to the subrecipients from the University. In addition, it would not have allowed for the University to issue a management decision for audit findings pertaining to the federal award provided to the subrecipient within six months of acceptance by the FAC. The lack of effective internal controls and noncompliance, as related to the monitoring of the five subrecipients, were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 15 INDIANA STATE UNIVERSITY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.332 states in part: "All pass-through entities must: . . . (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: . . . (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. . . ." 2 CFR 200.521(d) states in part: "The federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. . . ." Cause The system of internal controls as developed by management of the University was not properly implemented to ensure that subrecipient audit reports were received and reviewed in a timely manner. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, subrecipients to whom payments were made were not adequately monitored. The failure to establish a sufficient system of internal controls allowed noncompliance with the grant agreements and the Subrecipient Monitoring compliance requirement. INDIANA STATE BOARD OF ACCOUNTS 16 INDIANA STATE UNIVERSITY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Questioned Costs There were no questioned costs identified. Recommendation We recommended that the University's management establish a system of internal controls, including segregation of duties, related to the grant agreements and compliance requirements listed above. An internal control system, including segregation of duties, should be designed and operate effectively to provide reasonable assurance that material noncompliance with the grant agreement or a compliance requirement of a federal program will be prevented, or detected and corrected, on a timely basis. In order to have an effective internal control system, it is important to have proper segregation of duties. This is accomplished by making sure proper oversight, reviews, and approvals take place and to have a separation of functions over certain activities related to the program. The fundamental premise of segregation of duties is that an individual or small group of individuals should not be in a position to initiate, approve, undertake, and review the same activity. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2023-001 Subject: Research and Development Cluster - Subrecipient Monitoring Federal Agencies: National Science Foundation, US Department of Education Federal Programs: Social, Behavioral, and Economic Sciences; Higher Education Institutional Aid Assistance Listings Numbers: 47.075, 84.031 Federal Award Numbers and Years (or Other Identifying Numbers): 1759694, P031F180072 Compliance Requirement: Subrecipient Monitoring Audit Findings: Material Weakness, Other Matters Condition and Context The University expended $1,076,005 in Research and Development funds during the audit period. Of that amount, $86,788 was passed through to five subrecipients. As a pass-through entity, the University was required to identify the award and applicable requirements and monitor the subrecipient. Procedures to monitor its subrecipients included the following: Reviewing financial and programmatic reports as required by the University. Following up and ensuring the subrecipient takes timely and appropriate actions on all deficiencies pertaining to the federal award provided to the subrecipient detected through audits, on-site reviews, and other means. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient. All five subrecipients expended more than $750,000 in federal awards in fiscal year 2022, thus subjecting each to a Single Audit as required by the Uniform Guidance. As such, each subrecipient was required to submit its Single Audit report to the Federal Audit Clearinghouse (FAC) by March 31, 2023. In November 2023, eight months after the subrecipients' report submission deadline, the University completed the review of the fiscal year 2022 audit reports for all five subrecipients. The delayed monitoring would not have allowed the University to follow up and ensure that the subrecipients took timely and appropriate action on all deficiencies pertaining to the federal awards passed through to the subrecipients from the University. In addition, it would not have allowed for the University to issue a management decision for audit findings pertaining to the federal award provided to the subrecipient within six months of acceptance by the FAC. The lack of effective internal controls and noncompliance, as related to the monitoring of the five subrecipients, were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 15 INDIANA STATE UNIVERSITY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.332 states in part: "All pass-through entities must: . . . (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: . . . (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. . . ." 2 CFR 200.521(d) states in part: "The federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. . . ." Cause The system of internal controls as developed by management of the University was not properly implemented to ensure that subrecipient audit reports were received and reviewed in a timely manner. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, subrecipients to whom payments were made were not adequately monitored. The failure to establish a sufficient system of internal controls allowed noncompliance with the grant agreements and the Subrecipient Monitoring compliance requirement. INDIANA STATE BOARD OF ACCOUNTS 16 INDIANA STATE UNIVERSITY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Questioned Costs There were no questioned costs identified. Recommendation We recommended that the University's management establish a system of internal controls, including segregation of duties, related to the grant agreements and compliance requirements listed above. An internal control system, including segregation of duties, should be designed and operate effectively to provide reasonable assurance that material noncompliance with the grant agreement or a compliance requirement of a federal program will be prevented, or detected and corrected, on a timely basis. In order to have an effective internal control system, it is important to have proper segregation of duties. This is accomplished by making sure proper oversight, reviews, and approvals take place and to have a separation of functions over certain activities related to the program. The fundamental premise of segregation of duties is that an individual or small group of individuals should not be in a position to initiate, approve, undertake, and review the same activity. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
Assistance Listing Number, Federal Agency, and Program Name - U.S. Department of Labor H-1B Job Training Grants (ALN 17.268) and WIA/WIOA Pilots, Demonstrations, and Research Projects Strengthening Community Colleges Training Grants (ALN 17.261). Federal Award Identification Number and Year - HG-35916-21-60-A-26 and MI-35900-21-60-A-26. Pass-through Entity - None. Finding Type - Significant deficiency. Repeat Finding - No. Criteria - A passthrough entity must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification: (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass through entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass through entity, and contact information for awarding official of the Pass through entity; (xii) Assistance Listings number and Title; the pass through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2 CFR 200.332(a)). In addition, 2 CFR 200.332(d) states grantees are required to "Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition - The College had the following issues noted: (1) It did not include items (1)(ii) subrecipient's unique unique entity identifier and (1)(xi) Name of federal awarding agency, passthrough entity or contact information within their subrecipient agreement; (2) It was not monitoring the subrecipient budgets and performance plans to ensure objectives were met; and (3) It was not monitoring financial expenditures that were below planned thresholds. Questioned Costs - None. Context - There were 5 subrecipients for grant #17.268 and 6 subrecipients for grant #17.671. There was approval and review of expenditures submitted by all subrecipients on a timely basis. In addition, each subrecipient is required to complete and submit a quarterly narrative performance report which the College uses to prepare the quarterly narrative performance report submitted to the granting agency. Cause and Effect - The College did not have a system in place to monitor actual performance and financial measures against the planned activity as outlined in the subrecipient and grant agreements. The College was also not documenting the results of site visits of the subrecipients. Recommendation - The College should implement controls to have subrecipients track and report perfornance and financial for planned versus actual reporting on a monthly or quarterly basis. In addition, the College should complete a written report summarizing the results of each onsite visit to its subrecipients as required under Uniform Guidance. Views of Responsible Officials and Corrective Action Plan - Management agrees with the finding. The College has implemented a new Grants Administration Guide which covered initial risk assessment, subrecipient determination, subaward agreements, monitoring subrecipients and subrecipient reimbursements. In addition, the College has developed monthly metric reports for planned vs. actual outcomes which is to be completed by each subrecipient. The College has also scheduled formal site visits with each subrecipient to cover Financial status, metric verification, narrative overview and participant records and evaluation. A tool has been developed to summarize each site visit with recommendations. A written report will be provided to the subrecipients after each site visit.
Assistance Listing Number, Federal Agency, and Program Name - U.S. Department of Labor H-1B Job Training Grants (ALN 17.268) and WIA/WIOA Pilots, Demonstrations, and Research Projects Strengthening Community Colleges Training Grants (ALN 17.261). Federal Award Identification Number and Year - HG-35916-21-60-A-26 and MI-35900-21-60-A-26. Pass-through Entity - None. Finding Type - Significant deficiency. Repeat Finding - No. Criteria - A passthrough entity must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification: (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass through entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass through entity, and contact information for awarding official of the Pass through entity; (xii) Assistance Listings number and Title; the pass through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2 CFR 200.332(a)). In addition, 2 CFR 200.332(d) states grantees are required to "Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition - The College had the following issues noted: (1) It did not include items (1)(ii) subrecipient's unique unique entity identifier and (1)(xi) Name of federal awarding agency, passthrough entity or contact information within their subrecipient agreement; (2) It was not monitoring the subrecipient budgets and performance plans to ensure objectives were met; and (3) It was not monitoring financial expenditures that were below planned thresholds. Questioned Costs - None. Context - There were 5 subrecipients for grant #17.268 and 6 subrecipients for grant #17.671. There was approval and review of expenditures submitted by all subrecipients on a timely basis. In addition, each subrecipient is required to complete and submit a quarterly narrative performance report which the College uses to prepare the quarterly narrative performance report submitted to the granting agency. Cause and Effect - The College did not have a system in place to monitor actual performance and financial measures against the planned activity as outlined in the subrecipient and grant agreements. The College was also not documenting the results of site visits of the subrecipients. Recommendation - The College should implement controls to have subrecipients track and report perfornance and financial for planned versus actual reporting on a monthly or quarterly basis. In addition, the College should complete a written report summarizing the results of each onsite visit to its subrecipients as required under Uniform Guidance. Views of Responsible Officials and Corrective Action Plan - Management agrees with the finding. The College has implemented a new Grants Administration Guide which covered initial risk assessment, subrecipient determination, subaward agreements, monitoring subrecipients and subrecipient reimbursements. In addition, the College has developed monthly metric reports for planned vs. actual outcomes which is to be completed by each subrecipient. The College has also scheduled formal site visits with each subrecipient to cover Financial status, metric verification, narrative overview and participant records and evaluation. A tool has been developed to summarize each site visit with recommendations. A written report will be provided to the subrecipients after each site visit.
2023-097: Perform Responsibilities Outlined in the Agency Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-011; 2021-070; 2020-074; 2019-090; 2018-093 Type of Finding: Internal Control and Compliance Severity of Deficiency: Material Weakness Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.303(a); 2 CFR § 200.332 Known Questioned Costs: $0 Social Services’ Compliance Division (Compliance) continues to not adhere to its established approach to oversee the agency’s subrecipient monitoring activities, as outlined in its Agency Monitoring Plan. According to Social Services’ Organizational Structure Report, Compliance is responsible for agency-wide compliance and risk mitigation that helps to ensure adherence to state and federal legal and regulatory standards, including subrecipient monitoring. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds through roughly 5,400 subawards from 35 federal grant programs. During the audit, we noted the following deviations from the Agency Monitoring Plan: While Compliance has updated and finalized the Agency Monitoring Plan, it has not communicated it to Subrecipient Monitoring Coordinators in divisions with subrecipient monitoring responsibilities. Because of the lack of communication, there were deviations from the Agency Monitoring Plan at the division level. For example, the Agency Monitoring Plan requires each division to monitor subrecipients once every three years. However, the Local Review Team did not consider this requirement because Compliance did not communicate the Agency Monitoring Plan to Subrecipient Monitoring Coordinators. The Local Review Team did, however, implement a risk-based approach to monitoring subrecipients as required by the Agency Monitoring Plan. Compliance continues to not review division monitoring plans to ensure the divisions implement a risk-based approach for monitoring subrecipients. The Agency Monitoring Plan states that Compliance will use a Monitoring Plan Checklist to evaluate and determine if all the required elements for subrecipient monitoring are present in each division’s plan. Because of the lack of review, the Division of Benefit Programs’ (Benefit Programs) fiscal year 2023 monitoring plan did not meet all the requirements outlined in the Agency Monitoring Plan because it did not include a risk-based approach for subrecipient monitoring and did not consider all subrecipients who receive funding from the Temporary Assistance for Needy Families (TANF) federal grant program. Additionally, while the Office of New Americans has adequate subrecipient monitoring processes, it does not have a written monitoring plan as required by the Agency Monitoring Plan. Compliance continues to not analyze each division’s subrecipient monitoring activities. As a result, Compliance has not produced quarterly reports of variances and noncompliance to brief Social Services’ Executive Team on the agency’s subrecipient monitoring activities. Because of Compliance’s lack of analysis and communication, the Executive Team was unaware of the deviations noted above. Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Without performing the responsibilities in the Agency Monitoring Plan, Social Services cannot provide reasonable assurance that the agency has complied with pass-through entity federal requirements at 2 CFR § 200.332. Because of the scope of this matter and the magnitude of Social Services’ subrecipient monitoring responsibilities, we consider these weaknesses collectively to create a material weakness in internal control over compliance. Since the prior audit, Compliance and Social Services’ Executive Team have worked together to discuss solutions to address this audit finding. Social Services is considering procuring a grants management system and Compliance has worked with the agency’s Division of Information Technology to determine whether it can utilize this system to fulfil its subrecipient monitoring responsibilities. Compliance has also discussed the need for additional staff to assist with subrecipient monitoring oversight with the Executive Team. However, Compliance has not implemented these corrective actions as of the end of fiscal year 2023 because of the level of effort and considerations involved with these corrective actions. Therefore, Compliance should continue to work with the Executive Team to make sure that it has the appropriate level of resources to fulfil its responsibilities in the Agency Monitoring Plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-097: Perform Responsibilities Outlined in the Agency Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-011; 2021-070; 2020-074; 2019-090; 2018-093 Type of Finding: Internal Control and Compliance Severity of Deficiency: Material Weakness Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.303(a); 2 CFR § 200.332 Known Questioned Costs: $0 Social Services’ Compliance Division (Compliance) continues to not adhere to its established approach to oversee the agency’s subrecipient monitoring activities, as outlined in its Agency Monitoring Plan. According to Social Services’ Organizational Structure Report, Compliance is responsible for agency-wide compliance and risk mitigation that helps to ensure adherence to state and federal legal and regulatory standards, including subrecipient monitoring. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds through roughly 5,400 subawards from 35 federal grant programs. During the audit, we noted the following deviations from the Agency Monitoring Plan: While Compliance has updated and finalized the Agency Monitoring Plan, it has not communicated it to Subrecipient Monitoring Coordinators in divisions with subrecipient monitoring responsibilities. Because of the lack of communication, there were deviations from the Agency Monitoring Plan at the division level. For example, the Agency Monitoring Plan requires each division to monitor subrecipients once every three years. However, the Local Review Team did not consider this requirement because Compliance did not communicate the Agency Monitoring Plan to Subrecipient Monitoring Coordinators. The Local Review Team did, however, implement a risk-based approach to monitoring subrecipients as required by the Agency Monitoring Plan. Compliance continues to not review division monitoring plans to ensure the divisions implement a risk-based approach for monitoring subrecipients. The Agency Monitoring Plan states that Compliance will use a Monitoring Plan Checklist to evaluate and determine if all the required elements for subrecipient monitoring are present in each division’s plan. Because of the lack of review, the Division of Benefit Programs’ (Benefit Programs) fiscal year 2023 monitoring plan did not meet all the requirements outlined in the Agency Monitoring Plan because it did not include a risk-based approach for subrecipient monitoring and did not consider all subrecipients who receive funding from the Temporary Assistance for Needy Families (TANF) federal grant program. Additionally, while the Office of New Americans has adequate subrecipient monitoring processes, it does not have a written monitoring plan as required by the Agency Monitoring Plan. Compliance continues to not analyze each division’s subrecipient monitoring activities. As a result, Compliance has not produced quarterly reports of variances and noncompliance to brief Social Services’ Executive Team on the agency’s subrecipient monitoring activities. Because of Compliance’s lack of analysis and communication, the Executive Team was unaware of the deviations noted above. Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Without performing the responsibilities in the Agency Monitoring Plan, Social Services cannot provide reasonable assurance that the agency has complied with pass-through entity federal requirements at 2 CFR § 200.332. Because of the scope of this matter and the magnitude of Social Services’ subrecipient monitoring responsibilities, we consider these weaknesses collectively to create a material weakness in internal control over compliance. Since the prior audit, Compliance and Social Services’ Executive Team have worked together to discuss solutions to address this audit finding. Social Services is considering procuring a grants management system and Compliance has worked with the agency’s Division of Information Technology to determine whether it can utilize this system to fulfil its subrecipient monitoring responsibilities. Compliance has also discussed the need for additional staff to assist with subrecipient monitoring oversight with the Executive Team. However, Compliance has not implemented these corrective actions as of the end of fiscal year 2023 because of the level of effort and considerations involved with these corrective actions. Therefore, Compliance should continue to work with the Executive Team to make sure that it has the appropriate level of resources to fulfil its responsibilities in the Agency Monitoring Plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-097: Perform Responsibilities Outlined in the Agency Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-011; 2021-070; 2020-074; 2019-090; 2018-093 Type of Finding: Internal Control and Compliance Severity of Deficiency: Material Weakness Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.303(a); 2 CFR § 200.332 Known Questioned Costs: $0 Social Services’ Compliance Division (Compliance) continues to not adhere to its established approach to oversee the agency’s subrecipient monitoring activities, as outlined in its Agency Monitoring Plan. According to Social Services’ Organizational Structure Report, Compliance is responsible for agency-wide compliance and risk mitigation that helps to ensure adherence to state and federal legal and regulatory standards, including subrecipient monitoring. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds through roughly 5,400 subawards from 35 federal grant programs. During the audit, we noted the following deviations from the Agency Monitoring Plan: While Compliance has updated and finalized the Agency Monitoring Plan, it has not communicated it to Subrecipient Monitoring Coordinators in divisions with subrecipient monitoring responsibilities. Because of the lack of communication, there were deviations from the Agency Monitoring Plan at the division level. For example, the Agency Monitoring Plan requires each division to monitor subrecipients once every three years. However, the Local Review Team did not consider this requirement because Compliance did not communicate the Agency Monitoring Plan to Subrecipient Monitoring Coordinators. The Local Review Team did, however, implement a risk-based approach to monitoring subrecipients as required by the Agency Monitoring Plan. Compliance continues to not review division monitoring plans to ensure the divisions implement a risk-based approach for monitoring subrecipients. The Agency Monitoring Plan states that Compliance will use a Monitoring Plan Checklist to evaluate and determine if all the required elements for subrecipient monitoring are present in each division’s plan. Because of the lack of review, the Division of Benefit Programs’ (Benefit Programs) fiscal year 2023 monitoring plan did not meet all the requirements outlined in the Agency Monitoring Plan because it did not include a risk-based approach for subrecipient monitoring and did not consider all subrecipients who receive funding from the Temporary Assistance for Needy Families (TANF) federal grant program. Additionally, while the Office of New Americans has adequate subrecipient monitoring processes, it does not have a written monitoring plan as required by the Agency Monitoring Plan. Compliance continues to not analyze each division’s subrecipient monitoring activities. As a result, Compliance has not produced quarterly reports of variances and noncompliance to brief Social Services’ Executive Team on the agency’s subrecipient monitoring activities. Because of Compliance’s lack of analysis and communication, the Executive Team was unaware of the deviations noted above. Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Without performing the responsibilities in the Agency Monitoring Plan, Social Services cannot provide reasonable assurance that the agency has complied with pass-through entity federal requirements at 2 CFR § 200.332. Because of the scope of this matter and the magnitude of Social Services’ subrecipient monitoring responsibilities, we consider these weaknesses collectively to create a material weakness in internal control over compliance. Since the prior audit, Compliance and Social Services’ Executive Team have worked together to discuss solutions to address this audit finding. Social Services is considering procuring a grants management system and Compliance has worked with the agency’s Division of Information Technology to determine whether it can utilize this system to fulfil its subrecipient monitoring responsibilities. Compliance has also discussed the need for additional staff to assist with subrecipient monitoring oversight with the Executive Team. However, Compliance has not implemented these corrective actions as of the end of fiscal year 2023 because of the level of effort and considerations involved with these corrective actions. Therefore, Compliance should continue to work with the Executive Team to make sure that it has the appropriate level of resources to fulfil its responsibilities in the Agency Monitoring Plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-099: Communicate Responsibilities to Subrecipient Monitoring Coordinators Applicable to: Department of Social Services Prior Year Finding Number: 2022-012; 2021-069; 2020-076 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Compliance has not communicated responsibilities to subrecipient monitoring coordinators, as required by the Agency Monitoring Plan. Compliance’s Agency Monitoring Plan serves as a guide in the development, implementation, and coordination of division monitoring plans and aims to address accountability and provide consistency in monitoring activities across all Social Services’ divisions and offices. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds from roughly 5,400 subawards. Title 2 CFR § 200.332(d) requires pass-through entities to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Since the prior audit, Compliance has updated and finalized the Agency Monitoring Plan but has been unable to communicate it to the subrecipient monitoring coordinators because of a lack of available resources. Without communicating responsibilities to subrecipient monitoring coordinators, Compliance cannot provide assurance that Social Services adequately monitors all its subrecipients to ensure they are achieving program objectives or complying with federal requirements. Compliance should continue to work with Social Services’ Executive Team to obtain the appropriate resources so that it can communicate responsibilities to subrecipient monitoring coordinators. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-099: Communicate Responsibilities to Subrecipient Monitoring Coordinators Applicable to: Department of Social Services Prior Year Finding Number: 2022-012; 2021-069; 2020-076 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Compliance has not communicated responsibilities to subrecipient monitoring coordinators, as required by the Agency Monitoring Plan. Compliance’s Agency Monitoring Plan serves as a guide in the development, implementation, and coordination of division monitoring plans and aims to address accountability and provide consistency in monitoring activities across all Social Services’ divisions and offices. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds from roughly 5,400 subawards. Title 2 CFR § 200.332(d) requires pass-through entities to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Since the prior audit, Compliance has updated and finalized the Agency Monitoring Plan but has been unable to communicate it to the subrecipient monitoring coordinators because of a lack of available resources. Without communicating responsibilities to subrecipient monitoring coordinators, Compliance cannot provide assurance that Social Services adequately monitors all its subrecipients to ensure they are achieving program objectives or complying with federal requirements. Compliance should continue to work with Social Services’ Executive Team to obtain the appropriate resources so that it can communicate responsibilities to subrecipient monitoring coordinators. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-099: Communicate Responsibilities to Subrecipient Monitoring Coordinators Applicable to: Department of Social Services Prior Year Finding Number: 2022-012; 2021-069; 2020-076 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Compliance has not communicated responsibilities to subrecipient monitoring coordinators, as required by the Agency Monitoring Plan. Compliance’s Agency Monitoring Plan serves as a guide in the development, implementation, and coordination of division monitoring plans and aims to address accountability and provide consistency in monitoring activities across all Social Services’ divisions and offices. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds from roughly 5,400 subawards. Title 2 CFR § 200.332(d) requires pass-through entities to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Since the prior audit, Compliance has updated and finalized the Agency Monitoring Plan but has been unable to communicate it to the subrecipient monitoring coordinators because of a lack of available resources. Without communicating responsibilities to subrecipient monitoring coordinators, Compliance cannot provide assurance that Social Services adequately monitors all its subrecipients to ensure they are achieving program objectives or complying with federal requirements. Compliance should continue to work with Social Services’ Executive Team to obtain the appropriate resources so that it can communicate responsibilities to subrecipient monitoring coordinators. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.