Federal Agency: U.S. Department of the Treasury Federal Program Name: • Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: • 21.027 Federal Award Identification Number: SLFRP0126 Pass-Through Agency: State of Colorado Department of Human Services (CDHS), Signal Behavioral Health Network, and City and Country of Broomfield Department of Health and Human Services Pass-Through Number(s): N/A Award Period: 7/1/2022 – 6/30/2023 Type of Finding: • Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or specific requirement: According to § 2 CFR 200.332 Requirements for Pass-through Entities, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition: The Organization lacked a process to complete a risk assessment that would allow the Organization to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Questioned costs: None. Context: We noted the Organization is not in compliance with requirements defined within 2 CFR §200.332(b). Cause: The Organization lacks established internal controls and procedures that ensure a complete risk assessment is performed on all Subrecipients. Effect: The lack of internal controls over this compliance requirement provides an opportunity for noncompliance. Repeat Finding: Yes - Modified: 2022-004 Recommendation: The Organization created a Subrecipient Monitoring Policy in fiscal year 2023 to include performing subrecipient risk assessments on all subrecipient relationships entered into by the Organization. As part of the Organization’s subrecipient monitoring process it received an incomplete audit report from a subrecipient and as a result the Organization was not aware of the audit findings the subrecipient had received. We recommend the Organization utilize the federal audit clearinghouse to verify the audit reports the subrecipients are providing. Views of responsible officials: Management concurs with the audit finding. Subrecipient monitoring was performed per the existing policy but the subrecipient provided inaccurate information on the monitoring questionnaire and incomplete audit information. The information provided by the subrecipient was not verified against the Federal Audit Clearinghouse. The risk assessment policy will be updated to ensure that information provided by subrecipients is verified against the Federal Audit Clearinghouse to ensure a complete risk assessment is performed.
Noncompliance and Significant Deficiency in Internal Controls over Compliance for Subrecipient Monitoring Identification data: U.S. Department of Health and Human Services (HHS) – Mental and Behavioral Health Education and Training Grants, Assistance Listing No. 93.732, Agreement Identifying No. M0142518. Criteria: Title 2 CFR §200.332 describes subrecipient monitoring requirements for pass-through entities, which include the requirement that pass-through entities ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes but is not limited to: • Subrecipient name (which must match the name associated with its unique entity identifier); • Subrecipient's unique entity identifier; • Federal Award Identification Number (FAIN); • Subaward Period of Performance Start and End Date; • Subaward Budget Period Start and End Date; • Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; • Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; • Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); • Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; • Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; • Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. • All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; • Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; • A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and • Appropriate terms and conditions concerning closeout of the subaward. Condition: The Organization did not have a process of generating a subaward agreement that was in compliance with the criteria listed above. Cause: A breakdown in the Organization’s internal controls over subrecipient monitoring did not allow the Organization to fully meet the subrecipient monitoring requirements under the program. Effect or potential effect: The control deficiency is a significant deficiency that prevented the Organization from fully complying with the subrecipient monitoring requirements of the program. Identification of a Repeat Finding: New finding. Recommendation: The Organization should review its system of internal control over subrecipient monitoring to determine improvements that can be made to ensure the Organization has agreements that meet the required criteria identified above. Views of Responsible Officials: The Organization misunderstood the directions given by the Grants Management Specialist in this instance. The Organization has reviewed the requirements of Compliance for Subrecipient Monitoring and has controls in place to ensure those requirements are followed.
2023-001 - Subrecipient Monitoring Federal Program Information: U.S. Department of Education Passed through the State of Vermont Agency of Education ALN: 84.425 - Education Stabilization Fund Criteria: The following CFR(s) apply to this finding: 2 CFR 200.332(a) Condition: During audit procedures, it was identified that the Union did not have compliant subrecipient awards. Cause: The Union does not have a process to provide subawards to subrecipients. Effect: Subrecipient awards are not executed in compliance with the requirement above. Identification of Questioned Costs: None identified. Context: There were two subrecipents. It was determined that the Union did not have subawards for either subrecipient. This is not a statistically valid sample. Repeat Finding: This is not a repeat finding. Recommendation: It is recommended that the Union implements processes and procedures to ensure that they are following the criteria above. Views of Responsible Officials and Corrective Action Plan: Client agrees with finding, and the unabridged version of their response can be found in the Corrective Action Plan. Please see the Corrective Action Plan issued by the Two Rivers Supervisory Union.
2023-001 - Subrecipient Monitoring Federal Program Information: U.S. Department of Education Passed through the State of Vermont Agency of Education ALN: 84.425 - Education Stabilization Fund Criteria: The following CFR(s) apply to this finding: 2 CFR 200.332(a) Condition: During audit procedures, it was identified that the Union did not have compliant subrecipient awards. Cause: The Union does not have a process to provide subawards to subrecipients. Effect: Subrecipient awards are not executed in compliance with the requirement above. Identification of Questioned Costs: None identified. Context: There were two subrecipents. It was determined that the Union did not have subawards for either subrecipient. This is not a statistically valid sample. Repeat Finding: This is not a repeat finding. Recommendation: It is recommended that the Union implements processes and procedures to ensure that they are following the criteria above. Views of Responsible Officials and Corrective Action Plan: Client agrees with finding, and the unabridged version of their response can be found in the Corrective Action Plan. Please see the Corrective Action Plan issued by the Two Rivers Supervisory Union.
2023-004 (2019-015) SUBRECIPIENT MONITORING – Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Homeland Security Grant Program – 97.067 Award Period: Various Type of Finding: Significant Deficiency in Internal Control over Compliance Other Non-compliance Condition During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. • Homeland Security Grant Program – 97.067 o This program of the Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o This program of the Department lacked evidence that reviews of audits of subrecipients were performed that would allow the Department to identify any potential deficiencies that would require follow-up. Management’s Progress for Repeated Findings: Management made some progress in the performing of risk assessments and reviews of audits for Emergency Management Performance Grants, Disaster Grants – Public Assistance, and Pre-Disaster Mitigation programs. In other areas noted above, management has not yet implemented adequate controls to resolve the finding from the prior years. Criteria According to §200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department’s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department’s approved sub-recipients for monitoring purposes and risk designation. Effect The lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause The Department lacks established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
Program Information Research and Development Cluster: ALN 47.076 NSF Robert Noyce Teacher Scholarship Program, ALN 93.213 Research and Training in Complementary and Alternative Medicine Federal Award Year: July 1, 2022 – June 30, 2023 Criteria or Requirement Title 2, U.S. Code of Federal Regulations Part 200 (2 CFR 200.332), Requirements for pass-through entities requires that all pass-through entities must verify that every subrecipient is audited (as required by 2 CFR Part 200 Subpart F) when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Title 200 part 2 CFR 200.303 states that the Institution, as a federal grant recipient, must “establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition found, including facts that support the deficiency identified in the finding and information to provide proper perspective for judging the prevalence and consequences of the finding For 3 subrecipients selected for testing, evidence of controls to ensure that subrecipients had been audited in accordance with by 2 CFR Part 200 Subpart F, or were not subject to audit, was not available. Cause and Possible Asserted Effect The University did not have sufficient controls over collection and review of audit reports of subrecipients under 2 CFR Part 200 Subpart F. Identification of questioned costs and how they were computed None Sample statistically valid The sample was not intended to be, and was not, a statistically valid sample. Repeat Finding from prior year The audit finding is not a repeat finding. Recommendation We recommend that the University strengthen its controls over monitoring of subrecipients, in order to ensure that audit reports of subrecipients under 2 CFR Part 200 Subpart F are obtained and timely reviewed. Views on responsible officials Pacific University acknowledges the importance of an effective control environment and closely monitors activities of subrecipients under federal awards. Pacific was able to demonstrate that the selected subrecipients had appropriate audits under Subpart F (or were not subject to such audits). However, the University will enhance controls related to tracking such compliance.
Program Information Research and Development Cluster: ALN 47.076 NSF Robert Noyce Teacher Scholarship Program, ALN 93.213 Research and Training in Complementary and Alternative Medicine Federal Award Year: July 1, 2022 – June 30, 2023 Criteria or Requirement Title 2, U.S. Code of Federal Regulations Part 200 (2 CFR 200.332), Requirements for pass-through entities requires that all pass-through entities must verify that every subrecipient is audited (as required by 2 CFR Part 200 Subpart F) when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Title 200 part 2 CFR 200.303 states that the Institution, as a federal grant recipient, must “establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition found, including facts that support the deficiency identified in the finding and information to provide proper perspective for judging the prevalence and consequences of the finding For 3 subrecipients selected for testing, evidence of controls to ensure that subrecipients had been audited in accordance with by 2 CFR Part 200 Subpart F, or were not subject to audit, was not available. Cause and Possible Asserted Effect The University did not have sufficient controls over collection and review of audit reports of subrecipients under 2 CFR Part 200 Subpart F. Identification of questioned costs and how they were computed None Sample statistically valid The sample was not intended to be, and was not, a statistically valid sample. Repeat Finding from prior year The audit finding is not a repeat finding. Recommendation We recommend that the University strengthen its controls over monitoring of subrecipients, in order to ensure that audit reports of subrecipients under 2 CFR Part 200 Subpart F are obtained and timely reviewed. Views on responsible officials Pacific University acknowledges the importance of an effective control environment and closely monitors activities of subrecipients under federal awards. Pacific was able to demonstrate that the selected subrecipients had appropriate audits under Subpart F (or were not subject to such audits). However, the University will enhance controls related to tracking such compliance.
2023–011 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of the Interior Abandoned Mine Land Reclamation (AMLR) 15.252, Grant Award S16AF20058, Grant Award S18AF20000, Grant Award S19AF20000, Grant Award S19AF20020, Grant Award S20AF20008, Grant Award S20AF20038, Grant Award S20AF20094, Grant Award S21AF10040, Grant Award S22AF00013, Grant Award S22AF00039, Grant Award S23AF00013, Grant Award S23AF00059, Grant Award S23AF00107 Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(b) requires that all pass-through entities must: (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). Condition: We noted that the West Virginia Department of Environmental Protection (the Department) did not perform a subrecipient risk assessment. Therefore, the Department was unable to provide documentation supporting that the level of monitoring to be completed for each subrecipient was appropriate based on the risk assessment. Cause: The Department does not have policies and procedures in place surrounding the subrecipient monitoring compliance requirements and a risk assessment of subrecipients was not performed during the current fiscal year. Effect or Potential Effect: The Department does not have proper internal controls in place to ensure risk assessments are performed annually for all subrecipients. Questioned Costs: Unknown Context: Total federal expenditures and total subrecipient expenditures for the AMLR Grants program were $29,631,143 and $12,283,714, respectively, for the year ended June 30, 2023. There were 24 subrecipients during the year ended June 30, 2023. Identification as a Repeat Finding: This is not a repeat finding from the prior year. Recommendation: We recommend that the Department implement written policies and procedures to perform an annual risk assessment of subrecipients to determine the proper extent of monitoring procedures. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2023–038 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Health and Human Services Temporary Assistance for Needy Families (TANF) 93.558/COVID-19 93.558, Grant Award 2022 – 2201WVTANF, Grant Award 2023 – 2301WVTANF Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(a) requires that a pass-through entity “Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward.” Required information includes the Federal Award Identification Number (FAIN). Condition: For four of four subawards selected for testing for subrecipient monitoring, the West Virginia Department of Education (DOE) did not communicate the FAIN to the subrecipient in the subaward. Cause: There are insufficient internal controls in place surrounding what information is included in the subaward. Effect or Potential Effect: The DOE is not providing required information to their subrecipients and therefore, not complying with federal regulations. Questioned Costs: Unknown Context: The federal expenditures and subrecipient expenditures for TANF for the fiscal year ended June 30, 2023, were $85,510,454, and $18,789,521, respectively. Identification as a Repeat Finding: This is not a repeat finding from the prior year. Recommendation: We recommend that DOE implement policies and procedures to ensure that the subawards include all requirements information to be communication to subrecipients in line with federal regulations. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2023–038 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Health and Human Services Temporary Assistance for Needy Families (TANF) 93.558/COVID-19 93.558, Grant Award 2022 – 2201WVTANF, Grant Award 2023 – 2301WVTANF Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(a) requires that a pass-through entity “Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward.” Required information includes the Federal Award Identification Number (FAIN). Condition: For four of four subawards selected for testing for subrecipient monitoring, the West Virginia Department of Education (DOE) did not communicate the FAIN to the subrecipient in the subaward. Cause: There are insufficient internal controls in place surrounding what information is included in the subaward. Effect or Potential Effect: The DOE is not providing required information to their subrecipients and therefore, not complying with federal regulations. Questioned Costs: Unknown Context: The federal expenditures and subrecipient expenditures for TANF for the fiscal year ended June 30, 2023, were $85,510,454, and $18,789,521, respectively. Identification as a Repeat Finding: This is not a repeat finding from the prior year. Recommendation: We recommend that DOE implement policies and procedures to ensure that the subawards include all requirements information to be communication to subrecipients in line with federal regulations. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2023–047 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Health and Human Services Low-Income Home Energy Assistance 93.568/COVID-19 93.568, Grant Award G-2101WVE5C6, Grant Award G-2201WVLIEA, Grant Award G-2201WVLIEI, Grant Award G-2301WVLIEE, Grant Award G-2301WVLIEA, Grant Award G-2301WVLIEI Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).” Per 2 CFR 200.332(f), “All pass-through entities must: Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501.” Condition: During our testing of subrecipient monitoring for subrecipients subject to Uniform Guidance Audit Requirements, it was noted that for the five subrecipients selected that were subject to audit requirements, the management of the West Virginia Community Advancement and Development (WV CAD) was unable to provide supporting documentation that verified the agency performed due diligence to ensure that the subrecipients were properly audited in accordance with the provisions of 2 CFR 200.332(f). Cause: There was lack of supporting documentation provided to properly determine whether the WV CAD management properly verified whether all subrecipients had been audited that were required to be under the requirements of 2 CFR 200.332(f). Effect or Potential Effect: The WV CAD does not have proper internal controls in place to ensure policies and procedures surrounding subrecipient monitoring compliance requirements are in effect. The WV CAD does not have evidence to support that all subrecipients that were required to be audited were done so properly; therefore, this could result in subrecipients required to be audited not having an audit completed. Questioned Costs: N/A Context: Total expenditures and total subrecipient expenditures for the Low-Income Home Energy Assistance program for the year ended June 30, 2023, were $78,229,389 and $17,209,504, respectively. There were 16 total subrecipients and all 5 selected for testing were unable to provide information to support due diligence procedures over subrecipients. Identification as a Repeat Finding: This is not a repeat finding from the prior year. Recommendation: We recommend that the WV CAD management review policies and procedures for sufficiency and commit appropriate personnel to subrecipient monitoring to ensure they are in compliance with all federal requirements. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2023–047 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Health and Human Services Low-Income Home Energy Assistance 93.568/COVID-19 93.568, Grant Award G-2101WVE5C6, Grant Award G-2201WVLIEA, Grant Award G-2201WVLIEI, Grant Award G-2301WVLIEE, Grant Award G-2301WVLIEA, Grant Award G-2301WVLIEI Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).” Per 2 CFR 200.332(f), “All pass-through entities must: Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501.” Condition: During our testing of subrecipient monitoring for subrecipients subject to Uniform Guidance Audit Requirements, it was noted that for the five subrecipients selected that were subject to audit requirements, the management of the West Virginia Community Advancement and Development (WV CAD) was unable to provide supporting documentation that verified the agency performed due diligence to ensure that the subrecipients were properly audited in accordance with the provisions of 2 CFR 200.332(f). Cause: There was lack of supporting documentation provided to properly determine whether the WV CAD management properly verified whether all subrecipients had been audited that were required to be under the requirements of 2 CFR 200.332(f). Effect or Potential Effect: The WV CAD does not have proper internal controls in place to ensure policies and procedures surrounding subrecipient monitoring compliance requirements are in effect. The WV CAD does not have evidence to support that all subrecipients that were required to be audited were done so properly; therefore, this could result in subrecipients required to be audited not having an audit completed. Questioned Costs: N/A Context: Total expenditures and total subrecipient expenditures for the Low-Income Home Energy Assistance program for the year ended June 30, 2023, were $78,229,389 and $17,209,504, respectively. There were 16 total subrecipients and all 5 selected for testing were unable to provide information to support due diligence procedures over subrecipients. Identification as a Repeat Finding: This is not a repeat finding from the prior year. Recommendation: We recommend that the WV CAD management review policies and procedures for sufficiency and commit appropriate personnel to subrecipient monitoring to ensure they are in compliance with all federal requirements. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2023–055 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Homeland Security Disaster Grants – Public Assistance (Presidentially Declared Disasters) 97.036, Grant Award FEMA–4273-DR–WV, Grant Award FEMA–4331-DR–WV, Grant Award FEMA–4359-DR–WV, Grant Award FEMA–4378-DR–WV, Grant Award FEMA–4455-DR–WV, Grant Award FEMA–4517-DR–WV, Grant Award FEMA–4603-DR–WV, Grant Award FEMA–4605-DR–WV Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the West Virginia Division of Emergency Management (DEM) must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(b) requires that all pass-through entities must: (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). 2 CFR 200.332(f) required that all pass-through entities must “verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501.” Condition: The School Building Authority (SBA) did not perform subrecipient risk assessments. Additionally, SBA did not verify if subrecipients subject to be audited per 2 CFR 200.332(f) were audited as required. Cause: SBA does not have proper policies and procedures in place surrounding the subrecipient monitoring compliance requirements. Effect or Potential Effect: SBA is not in compliance with the subrecipient monitoring compliance requirements. Questioned Costs: Unknown Context: Total federal expenditures for the Disaster Grants – Public Assistance (Presidentially Declared Disasters) program were $123,949,127 for the year ended June 30, 2023. SBA had two subrecipients with subrecipient expenditures totaling $45,615,370 for the year ended June 30, 2023. Identification as a Repeat Finding: Prior Year Finding 2022–043 Recommendation: We recommend that SBA implement policies and procedures surrounding subrecipient monitoring to ensure they are in compliance with the subrecipient monitoring compliance requirements. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2023–055 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Homeland Security Disaster Grants – Public Assistance (Presidentially Declared Disasters) 97.036, Grant Award FEMA–4273-DR–WV, Grant Award FEMA–4331-DR–WV, Grant Award FEMA–4359-DR–WV, Grant Award FEMA–4378-DR–WV, Grant Award FEMA–4455-DR–WV, Grant Award FEMA–4517-DR–WV, Grant Award FEMA–4603-DR–WV, Grant Award FEMA–4605-DR–WV Criteria or specific requirement (including statutory, regulatory or other citation): 2 CFR 200.303 requires that the West Virginia Division of Emergency Management (DEM) must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(b) requires that all pass-through entities must: (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). 2 CFR 200.332(f) required that all pass-through entities must “verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501.” Condition: The School Building Authority (SBA) did not perform subrecipient risk assessments. Additionally, SBA did not verify if subrecipients subject to be audited per 2 CFR 200.332(f) were audited as required. Cause: SBA does not have proper policies and procedures in place surrounding the subrecipient monitoring compliance requirements. Effect or Potential Effect: SBA is not in compliance with the subrecipient monitoring compliance requirements. Questioned Costs: Unknown Context: Total federal expenditures for the Disaster Grants – Public Assistance (Presidentially Declared Disasters) program were $123,949,127 for the year ended June 30, 2023. SBA had two subrecipients with subrecipient expenditures totaling $45,615,370 for the year ended June 30, 2023. Identification as a Repeat Finding: Prior Year Finding 2022–043 Recommendation: We recommend that SBA implement policies and procedures surrounding subrecipient monitoring to ensure they are in compliance with the subrecipient monitoring compliance requirements. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
Federal Agency: U.S. Department of Treasury Federal Program Name: Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Emergency Rental Assistance Program Assistance Listing Number: 21.027 and 21.023 Federal Award Identification Numberand Year: ALN 21.027 -Pub. L. No. 117-2 2021 ALN 21.023 -ERA0335 2021 Award Period: ALN 21.027 - 5/10/2021 - 12/31/2026 ALN 21.023 - 1/20/2021 - 9/30/2022 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: According to§ 200.303 Internal controls of 2 CFR Part 200, the non-federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. According to § 200.331 Subrecipient and contractor determinations of 2 CFR Part 200, a pass-through entity must make case-by case determinations whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. According to § 200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must: • Evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. • Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. • Verify that every subrecipient is audited as required by Subpart F ohhis part when it is expected that the subrecipient's federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in§ 200.501. • Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. According to the City's subrecipient monitoring policies and procedures, monitoring of subrecipients shall be conducted as often as may be required at the discretion of the Community Development Division or at least once per program year. An annual Risk Assessment will be completed to determine a ranking for the activity. The Risk Assessment ranking score will determine whether a monitoring review will occur. According to the City's Sub-recipient Agreement, the Sub-recipient will provide to the Department of Family and Community Services cumulative quarterly program performance reports covering the Services provided under this Agreement. Reports are due no later than fifteen (15) days after the end of the reporting quarter, and shall be in accordance with City of Albuquerque reporting instructions. Condition: During our testing, it was noted that the City did not follow federal subrecipient monitoring and management regulation nor its subrecipient monitoring policies and procedures. Management's Progress for Repeat Findings: This is a repeated and modified.finding. While the City has improved its efforts, there are still opportunities for improvement to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements as well as compliance with City policy. Questioned costs: None Context: During our testing, we noted the following exceptions related to subrecipient monitoring. ALN 21.027 • For one of the five subrecipients, the City did not utilize the risk assessment tool specific to ARPA which does have a different risk assessment ranking score determining the monitoring of the subrecipient. The City did, however, perform a monitoring visit for the subrecipient. • For one of the five subrecipients, the City was unable to locate the subrecipient/contract determination worksheet. • For one of the five subrecipients, the City was unable to locate the quarterly program performance reports submitted by the subrecipient. ALN 21.023 • For one of the five subrecipients, the most recent annual audit report for the year ended June 30, 2022 was not reviewed by the City nor included in the risk assessment. Cause: The City does not have sufficient internal controls to ensure appropriate risk assessment and subrecipient monitoring. Effect: The auditor noted instances of noncompliance. Recommendation: The City has developed standard City-wide subrecipient management and monitoring policies and procedures effective June 2023. We recommend the City design controls to ensure departments are abiding by the subrecipient management and monitoring policies and procedures including Individual departments that develop their own department specific and/or grant-specific subrecipient management policies and procedures. Management Response: The City agrees with the finding. The City's Grant Administrator will provide training to each City department which currently oversees subrecipients, ensuring that all department staff understand general and ARPA-specific subrecipient requirements. Additionally, the Grant Administrator will review City departments' subrecipient management checklists to ensure all required documentation is obtained from subrecipients and reviewed as required. This will be complete by June 30, 2024. Timeline and Responsible Position: June 2024 - Grants Administrator
Federal Agency: U.S. Department of Treasury Federal Program Name: Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Emergency Rental Assistance Program Assistance Listing Number: 21.027 and 21.023 Federal Award Identification Numberand Year: ALN 21.027 -Pub. L. No. 117-2 2021 ALN 21.023 -ERA0335 2021 Award Period: ALN 21.027 - 5/10/2021 - 12/31/2026 ALN 21.023 - 1/20/2021 - 9/30/2022 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: According to§ 200.303 Internal controls of 2 CFR Part 200, the non-federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. According to § 200.331 Subrecipient and contractor determinations of 2 CFR Part 200, a pass-through entity must make case-by case determinations whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. According to § 200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must: • Evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. • Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. • Verify that every subrecipient is audited as required by Subpart F ohhis part when it is expected that the subrecipient's federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in§ 200.501. • Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. According to the City's subrecipient monitoring policies and procedures, monitoring of subrecipients shall be conducted as often as may be required at the discretion of the Community Development Division or at least once per program year. An annual Risk Assessment will be completed to determine a ranking for the activity. The Risk Assessment ranking score will determine whether a monitoring review will occur. According to the City's Sub-recipient Agreement, the Sub-recipient will provide to the Department of Family and Community Services cumulative quarterly program performance reports covering the Services provided under this Agreement. Reports are due no later than fifteen (15) days after the end of the reporting quarter, and shall be in accordance with City of Albuquerque reporting instructions. Condition: During our testing, it was noted that the City did not follow federal subrecipient monitoring and management regulation nor its subrecipient monitoring policies and procedures. Management's Progress for Repeat Findings: This is a repeated and modified.finding. While the City has improved its efforts, there are still opportunities for improvement to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements as well as compliance with City policy. Questioned costs: None Context: During our testing, we noted the following exceptions related to subrecipient monitoring. ALN 21.027 • For one of the five subrecipients, the City did not utilize the risk assessment tool specific to ARPA which does have a different risk assessment ranking score determining the monitoring of the subrecipient. The City did, however, perform a monitoring visit for the subrecipient. • For one of the five subrecipients, the City was unable to locate the subrecipient/contract determination worksheet. • For one of the five subrecipients, the City was unable to locate the quarterly program performance reports submitted by the subrecipient. ALN 21.023 • For one of the five subrecipients, the most recent annual audit report for the year ended June 30, 2022 was not reviewed by the City nor included in the risk assessment. Cause: The City does not have sufficient internal controls to ensure appropriate risk assessment and subrecipient monitoring. Effect: The auditor noted instances of noncompliance. Recommendation: The City has developed standard City-wide subrecipient management and monitoring policies and procedures effective June 2023. We recommend the City design controls to ensure departments are abiding by the subrecipient management and monitoring policies and procedures including Individual departments that develop their own department specific and/or grant-specific subrecipient management policies and procedures. Management Response: The City agrees with the finding. The City's Grant Administrator will provide training to each City department which currently oversees subrecipients, ensuring that all department staff understand general and ARPA-specific subrecipient requirements. Additionally, the Grant Administrator will review City departments' subrecipient management checklists to ensure all required documentation is obtained from subrecipients and reviewed as required. This will be complete by June 30, 2024. Timeline and Responsible Position: June 2024 - Grants Administrator
FINDING 2023-001 Subject: Research and Development Cluster - Subrecipient Monitoring Federal Agencies: National Science Foundation, US Department of Education Federal Programs: Social, Behavioral, and Economic Sciences; Higher Education Institutional Aid Assistance Listings Numbers: 47.075, 84.031 Federal Award Numbers and Years (or Other Identifying Numbers): 1759694, P031F180072 Compliance Requirement: Subrecipient Monitoring Audit Findings: Material Weakness, Other Matters Condition and Context The University expended $1,076,005 in Research and Development funds during the audit period. Of that amount, $86,788 was passed through to five subrecipients. As a pass-through entity, the University was required to identify the award and applicable requirements and monitor the subrecipient. Procedures to monitor its subrecipients included the following: Reviewing financial and programmatic reports as required by the University. Following up and ensuring the subrecipient takes timely and appropriate actions on all deficiencies pertaining to the federal award provided to the subrecipient detected through audits, on-site reviews, and other means. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient. All five subrecipients expended more than $750,000 in federal awards in fiscal year 2022, thus subjecting each to a Single Audit as required by the Uniform Guidance. As such, each subrecipient was required to submit its Single Audit report to the Federal Audit Clearinghouse (FAC) by March 31, 2023. In November 2023, eight months after the subrecipients' report submission deadline, the University completed the review of the fiscal year 2022 audit reports for all five subrecipients. The delayed monitoring would not have allowed the University to follow up and ensure that the subrecipients took timely and appropriate action on all deficiencies pertaining to the federal awards passed through to the subrecipients from the University. In addition, it would not have allowed for the University to issue a management decision for audit findings pertaining to the federal award provided to the subrecipient within six months of acceptance by the FAC. The lack of effective internal controls and noncompliance, as related to the monitoring of the five subrecipients, were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 15 INDIANA STATE UNIVERSITY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.332 states in part: "All pass-through entities must: . . . (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: . . . (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. . . ." 2 CFR 200.521(d) states in part: "The federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. . . ." Cause The system of internal controls as developed by management of the University was not properly implemented to ensure that subrecipient audit reports were received and reviewed in a timely manner. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, subrecipients to whom payments were made were not adequately monitored. The failure to establish a sufficient system of internal controls allowed noncompliance with the grant agreements and the Subrecipient Monitoring compliance requirement. INDIANA STATE BOARD OF ACCOUNTS 16 INDIANA STATE UNIVERSITY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Questioned Costs There were no questioned costs identified. Recommendation We recommended that the University's management establish a system of internal controls, including segregation of duties, related to the grant agreements and compliance requirements listed above. An internal control system, including segregation of duties, should be designed and operate effectively to provide reasonable assurance that material noncompliance with the grant agreement or a compliance requirement of a federal program will be prevented, or detected and corrected, on a timely basis. In order to have an effective internal control system, it is important to have proper segregation of duties. This is accomplished by making sure proper oversight, reviews, and approvals take place and to have a separation of functions over certain activities related to the program. The fundamental premise of segregation of duties is that an individual or small group of individuals should not be in a position to initiate, approve, undertake, and review the same activity. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2023-001 Subject: Research and Development Cluster - Subrecipient Monitoring Federal Agencies: National Science Foundation, US Department of Education Federal Programs: Social, Behavioral, and Economic Sciences; Higher Education Institutional Aid Assistance Listings Numbers: 47.075, 84.031 Federal Award Numbers and Years (or Other Identifying Numbers): 1759694, P031F180072 Compliance Requirement: Subrecipient Monitoring Audit Findings: Material Weakness, Other Matters Condition and Context The University expended $1,076,005 in Research and Development funds during the audit period. Of that amount, $86,788 was passed through to five subrecipients. As a pass-through entity, the University was required to identify the award and applicable requirements and monitor the subrecipient. Procedures to monitor its subrecipients included the following: Reviewing financial and programmatic reports as required by the University. Following up and ensuring the subrecipient takes timely and appropriate actions on all deficiencies pertaining to the federal award provided to the subrecipient detected through audits, on-site reviews, and other means. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient. All five subrecipients expended more than $750,000 in federal awards in fiscal year 2022, thus subjecting each to a Single Audit as required by the Uniform Guidance. As such, each subrecipient was required to submit its Single Audit report to the Federal Audit Clearinghouse (FAC) by March 31, 2023. In November 2023, eight months after the subrecipients' report submission deadline, the University completed the review of the fiscal year 2022 audit reports for all five subrecipients. The delayed monitoring would not have allowed the University to follow up and ensure that the subrecipients took timely and appropriate action on all deficiencies pertaining to the federal awards passed through to the subrecipients from the University. In addition, it would not have allowed for the University to issue a management decision for audit findings pertaining to the federal award provided to the subrecipient within six months of acceptance by the FAC. The lack of effective internal controls and noncompliance, as related to the monitoring of the five subrecipients, were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 15 INDIANA STATE UNIVERSITY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.332 states in part: "All pass-through entities must: . . . (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: . . . (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. . . ." 2 CFR 200.521(d) states in part: "The federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. . . ." Cause The system of internal controls as developed by management of the University was not properly implemented to ensure that subrecipient audit reports were received and reviewed in a timely manner. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, subrecipients to whom payments were made were not adequately monitored. The failure to establish a sufficient system of internal controls allowed noncompliance with the grant agreements and the Subrecipient Monitoring compliance requirement. INDIANA STATE BOARD OF ACCOUNTS 16 INDIANA STATE UNIVERSITY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Questioned Costs There were no questioned costs identified. Recommendation We recommended that the University's management establish a system of internal controls, including segregation of duties, related to the grant agreements and compliance requirements listed above. An internal control system, including segregation of duties, should be designed and operate effectively to provide reasonable assurance that material noncompliance with the grant agreement or a compliance requirement of a federal program will be prevented, or detected and corrected, on a timely basis. In order to have an effective internal control system, it is important to have proper segregation of duties. This is accomplished by making sure proper oversight, reviews, and approvals take place and to have a separation of functions over certain activities related to the program. The fundamental premise of segregation of duties is that an individual or small group of individuals should not be in a position to initiate, approve, undertake, and review the same activity. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
Assistance Listing Number, Federal Agency, and Program Name - U.S. Department of Labor H-1B Job Training Grants (ALN 17.268) and WIA/WIOA Pilots, Demonstrations, and Research Projects Strengthening Community Colleges Training Grants (ALN 17.261). Federal Award Identification Number and Year - HG-35916-21-60-A-26 and MI-35900-21-60-A-26. Pass-through Entity - None. Finding Type - Significant deficiency. Repeat Finding - No. Criteria - A passthrough entity must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification: (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass through entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass through entity, and contact information for awarding official of the Pass through entity; (xii) Assistance Listings number and Title; the pass through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2 CFR 200.332(a)). In addition, 2 CFR 200.332(d) states grantees are required to "Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition - The College had the following issues noted: (1) It did not include items (1)(ii) subrecipient's unique unique entity identifier and (1)(xi) Name of federal awarding agency, passthrough entity or contact information within their subrecipient agreement; (2) It was not monitoring the subrecipient budgets and performance plans to ensure objectives were met; and (3) It was not monitoring financial expenditures that were below planned thresholds. Questioned Costs - None. Context - There were 5 subrecipients for grant #17.268 and 6 subrecipients for grant #17.671. There was approval and review of expenditures submitted by all subrecipients on a timely basis. In addition, each subrecipient is required to complete and submit a quarterly narrative performance report which the College uses to prepare the quarterly narrative performance report submitted to the granting agency. Cause and Effect - The College did not have a system in place to monitor actual performance and financial measures against the planned activity as outlined in the subrecipient and grant agreements. The College was also not documenting the results of site visits of the subrecipients. Recommendation - The College should implement controls to have subrecipients track and report perfornance and financial for planned versus actual reporting on a monthly or quarterly basis. In addition, the College should complete a written report summarizing the results of each onsite visit to its subrecipients as required under Uniform Guidance. Views of Responsible Officials and Corrective Action Plan - Management agrees with the finding. The College has implemented a new Grants Administration Guide which covered initial risk assessment, subrecipient determination, subaward agreements, monitoring subrecipients and subrecipient reimbursements. In addition, the College has developed monthly metric reports for planned vs. actual outcomes which is to be completed by each subrecipient. The College has also scheduled formal site visits with each subrecipient to cover Financial status, metric verification, narrative overview and participant records and evaluation. A tool has been developed to summarize each site visit with recommendations. A written report will be provided to the subrecipients after each site visit.
Assistance Listing Number, Federal Agency, and Program Name - U.S. Department of Labor H-1B Job Training Grants (ALN 17.268) and WIA/WIOA Pilots, Demonstrations, and Research Projects Strengthening Community Colleges Training Grants (ALN 17.261). Federal Award Identification Number and Year - HG-35916-21-60-A-26 and MI-35900-21-60-A-26. Pass-through Entity - None. Finding Type - Significant deficiency. Repeat Finding - No. Criteria - A passthrough entity must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification: (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass through entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass through entity, and contact information for awarding official of the Pass through entity; (xii) Assistance Listings number and Title; the pass through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2 CFR 200.332(a)). In addition, 2 CFR 200.332(d) states grantees are required to "Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition - The College had the following issues noted: (1) It did not include items (1)(ii) subrecipient's unique unique entity identifier and (1)(xi) Name of federal awarding agency, passthrough entity or contact information within their subrecipient agreement; (2) It was not monitoring the subrecipient budgets and performance plans to ensure objectives were met; and (3) It was not monitoring financial expenditures that were below planned thresholds. Questioned Costs - None. Context - There were 5 subrecipients for grant #17.268 and 6 subrecipients for grant #17.671. There was approval and review of expenditures submitted by all subrecipients on a timely basis. In addition, each subrecipient is required to complete and submit a quarterly narrative performance report which the College uses to prepare the quarterly narrative performance report submitted to the granting agency. Cause and Effect - The College did not have a system in place to monitor actual performance and financial measures against the planned activity as outlined in the subrecipient and grant agreements. The College was also not documenting the results of site visits of the subrecipients. Recommendation - The College should implement controls to have subrecipients track and report perfornance and financial for planned versus actual reporting on a monthly or quarterly basis. In addition, the College should complete a written report summarizing the results of each onsite visit to its subrecipients as required under Uniform Guidance. Views of Responsible Officials and Corrective Action Plan - Management agrees with the finding. The College has implemented a new Grants Administration Guide which covered initial risk assessment, subrecipient determination, subaward agreements, monitoring subrecipients and subrecipient reimbursements. In addition, the College has developed monthly metric reports for planned vs. actual outcomes which is to be completed by each subrecipient. The College has also scheduled formal site visits with each subrecipient to cover Financial status, metric verification, narrative overview and participant records and evaluation. A tool has been developed to summarize each site visit with recommendations. A written report will be provided to the subrecipients after each site visit.
2023-097: Perform Responsibilities Outlined in the Agency Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-011; 2021-070; 2020-074; 2019-090; 2018-093 Type of Finding: Internal Control and Compliance Severity of Deficiency: Material Weakness Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.303(a); 2 CFR § 200.332 Known Questioned Costs: $0 Social Services’ Compliance Division (Compliance) continues to not adhere to its established approach to oversee the agency’s subrecipient monitoring activities, as outlined in its Agency Monitoring Plan. According to Social Services’ Organizational Structure Report, Compliance is responsible for agency-wide compliance and risk mitigation that helps to ensure adherence to state and federal legal and regulatory standards, including subrecipient monitoring. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds through roughly 5,400 subawards from 35 federal grant programs. During the audit, we noted the following deviations from the Agency Monitoring Plan: While Compliance has updated and finalized the Agency Monitoring Plan, it has not communicated it to Subrecipient Monitoring Coordinators in divisions with subrecipient monitoring responsibilities. Because of the lack of communication, there were deviations from the Agency Monitoring Plan at the division level. For example, the Agency Monitoring Plan requires each division to monitor subrecipients once every three years. However, the Local Review Team did not consider this requirement because Compliance did not communicate the Agency Monitoring Plan to Subrecipient Monitoring Coordinators. The Local Review Team did, however, implement a risk-based approach to monitoring subrecipients as required by the Agency Monitoring Plan. Compliance continues to not review division monitoring plans to ensure the divisions implement a risk-based approach for monitoring subrecipients. The Agency Monitoring Plan states that Compliance will use a Monitoring Plan Checklist to evaluate and determine if all the required elements for subrecipient monitoring are present in each division’s plan. Because of the lack of review, the Division of Benefit Programs’ (Benefit Programs) fiscal year 2023 monitoring plan did not meet all the requirements outlined in the Agency Monitoring Plan because it did not include a risk-based approach for subrecipient monitoring and did not consider all subrecipients who receive funding from the Temporary Assistance for Needy Families (TANF) federal grant program. Additionally, while the Office of New Americans has adequate subrecipient monitoring processes, it does not have a written monitoring plan as required by the Agency Monitoring Plan. Compliance continues to not analyze each division’s subrecipient monitoring activities. As a result, Compliance has not produced quarterly reports of variances and noncompliance to brief Social Services’ Executive Team on the agency’s subrecipient monitoring activities. Because of Compliance’s lack of analysis and communication, the Executive Team was unaware of the deviations noted above. Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Without performing the responsibilities in the Agency Monitoring Plan, Social Services cannot provide reasonable assurance that the agency has complied with pass-through entity federal requirements at 2 CFR § 200.332. Because of the scope of this matter and the magnitude of Social Services’ subrecipient monitoring responsibilities, we consider these weaknesses collectively to create a material weakness in internal control over compliance. Since the prior audit, Compliance and Social Services’ Executive Team have worked together to discuss solutions to address this audit finding. Social Services is considering procuring a grants management system and Compliance has worked with the agency’s Division of Information Technology to determine whether it can utilize this system to fulfil its subrecipient monitoring responsibilities. Compliance has also discussed the need for additional staff to assist with subrecipient monitoring oversight with the Executive Team. However, Compliance has not implemented these corrective actions as of the end of fiscal year 2023 because of the level of effort and considerations involved with these corrective actions. Therefore, Compliance should continue to work with the Executive Team to make sure that it has the appropriate level of resources to fulfil its responsibilities in the Agency Monitoring Plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-097: Perform Responsibilities Outlined in the Agency Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-011; 2021-070; 2020-074; 2019-090; 2018-093 Type of Finding: Internal Control and Compliance Severity of Deficiency: Material Weakness Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.303(a); 2 CFR § 200.332 Known Questioned Costs: $0 Social Services’ Compliance Division (Compliance) continues to not adhere to its established approach to oversee the agency’s subrecipient monitoring activities, as outlined in its Agency Monitoring Plan. According to Social Services’ Organizational Structure Report, Compliance is responsible for agency-wide compliance and risk mitigation that helps to ensure adherence to state and federal legal and regulatory standards, including subrecipient monitoring. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds through roughly 5,400 subawards from 35 federal grant programs. During the audit, we noted the following deviations from the Agency Monitoring Plan: While Compliance has updated and finalized the Agency Monitoring Plan, it has not communicated it to Subrecipient Monitoring Coordinators in divisions with subrecipient monitoring responsibilities. Because of the lack of communication, there were deviations from the Agency Monitoring Plan at the division level. For example, the Agency Monitoring Plan requires each division to monitor subrecipients once every three years. However, the Local Review Team did not consider this requirement because Compliance did not communicate the Agency Monitoring Plan to Subrecipient Monitoring Coordinators. The Local Review Team did, however, implement a risk-based approach to monitoring subrecipients as required by the Agency Monitoring Plan. Compliance continues to not review division monitoring plans to ensure the divisions implement a risk-based approach for monitoring subrecipients. The Agency Monitoring Plan states that Compliance will use a Monitoring Plan Checklist to evaluate and determine if all the required elements for subrecipient monitoring are present in each division’s plan. Because of the lack of review, the Division of Benefit Programs’ (Benefit Programs) fiscal year 2023 monitoring plan did not meet all the requirements outlined in the Agency Monitoring Plan because it did not include a risk-based approach for subrecipient monitoring and did not consider all subrecipients who receive funding from the Temporary Assistance for Needy Families (TANF) federal grant program. Additionally, while the Office of New Americans has adequate subrecipient monitoring processes, it does not have a written monitoring plan as required by the Agency Monitoring Plan. Compliance continues to not analyze each division’s subrecipient monitoring activities. As a result, Compliance has not produced quarterly reports of variances and noncompliance to brief Social Services’ Executive Team on the agency’s subrecipient monitoring activities. Because of Compliance’s lack of analysis and communication, the Executive Team was unaware of the deviations noted above. Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Without performing the responsibilities in the Agency Monitoring Plan, Social Services cannot provide reasonable assurance that the agency has complied with pass-through entity federal requirements at 2 CFR § 200.332. Because of the scope of this matter and the magnitude of Social Services’ subrecipient monitoring responsibilities, we consider these weaknesses collectively to create a material weakness in internal control over compliance. Since the prior audit, Compliance and Social Services’ Executive Team have worked together to discuss solutions to address this audit finding. Social Services is considering procuring a grants management system and Compliance has worked with the agency’s Division of Information Technology to determine whether it can utilize this system to fulfil its subrecipient monitoring responsibilities. Compliance has also discussed the need for additional staff to assist with subrecipient monitoring oversight with the Executive Team. However, Compliance has not implemented these corrective actions as of the end of fiscal year 2023 because of the level of effort and considerations involved with these corrective actions. Therefore, Compliance should continue to work with the Executive Team to make sure that it has the appropriate level of resources to fulfil its responsibilities in the Agency Monitoring Plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-097: Perform Responsibilities Outlined in the Agency Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-011; 2021-070; 2020-074; 2019-090; 2018-093 Type of Finding: Internal Control and Compliance Severity of Deficiency: Material Weakness Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.303(a); 2 CFR § 200.332 Known Questioned Costs: $0 Social Services’ Compliance Division (Compliance) continues to not adhere to its established approach to oversee the agency’s subrecipient monitoring activities, as outlined in its Agency Monitoring Plan. According to Social Services’ Organizational Structure Report, Compliance is responsible for agency-wide compliance and risk mitigation that helps to ensure adherence to state and federal legal and regulatory standards, including subrecipient monitoring. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds through roughly 5,400 subawards from 35 federal grant programs. During the audit, we noted the following deviations from the Agency Monitoring Plan: While Compliance has updated and finalized the Agency Monitoring Plan, it has not communicated it to Subrecipient Monitoring Coordinators in divisions with subrecipient monitoring responsibilities. Because of the lack of communication, there were deviations from the Agency Monitoring Plan at the division level. For example, the Agency Monitoring Plan requires each division to monitor subrecipients once every three years. However, the Local Review Team did not consider this requirement because Compliance did not communicate the Agency Monitoring Plan to Subrecipient Monitoring Coordinators. The Local Review Team did, however, implement a risk-based approach to monitoring subrecipients as required by the Agency Monitoring Plan. Compliance continues to not review division monitoring plans to ensure the divisions implement a risk-based approach for monitoring subrecipients. The Agency Monitoring Plan states that Compliance will use a Monitoring Plan Checklist to evaluate and determine if all the required elements for subrecipient monitoring are present in each division’s plan. Because of the lack of review, the Division of Benefit Programs’ (Benefit Programs) fiscal year 2023 monitoring plan did not meet all the requirements outlined in the Agency Monitoring Plan because it did not include a risk-based approach for subrecipient monitoring and did not consider all subrecipients who receive funding from the Temporary Assistance for Needy Families (TANF) federal grant program. Additionally, while the Office of New Americans has adequate subrecipient monitoring processes, it does not have a written monitoring plan as required by the Agency Monitoring Plan. Compliance continues to not analyze each division’s subrecipient monitoring activities. As a result, Compliance has not produced quarterly reports of variances and noncompliance to brief Social Services’ Executive Team on the agency’s subrecipient monitoring activities. Because of Compliance’s lack of analysis and communication, the Executive Team was unaware of the deviations noted above. Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Without performing the responsibilities in the Agency Monitoring Plan, Social Services cannot provide reasonable assurance that the agency has complied with pass-through entity federal requirements at 2 CFR § 200.332. Because of the scope of this matter and the magnitude of Social Services’ subrecipient monitoring responsibilities, we consider these weaknesses collectively to create a material weakness in internal control over compliance. Since the prior audit, Compliance and Social Services’ Executive Team have worked together to discuss solutions to address this audit finding. Social Services is considering procuring a grants management system and Compliance has worked with the agency’s Division of Information Technology to determine whether it can utilize this system to fulfil its subrecipient monitoring responsibilities. Compliance has also discussed the need for additional staff to assist with subrecipient monitoring oversight with the Executive Team. However, Compliance has not implemented these corrective actions as of the end of fiscal year 2023 because of the level of effort and considerations involved with these corrective actions. Therefore, Compliance should continue to work with the Executive Team to make sure that it has the appropriate level of resources to fulfil its responsibilities in the Agency Monitoring Plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-099: Communicate Responsibilities to Subrecipient Monitoring Coordinators Applicable to: Department of Social Services Prior Year Finding Number: 2022-012; 2021-069; 2020-076 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Compliance has not communicated responsibilities to subrecipient monitoring coordinators, as required by the Agency Monitoring Plan. Compliance’s Agency Monitoring Plan serves as a guide in the development, implementation, and coordination of division monitoring plans and aims to address accountability and provide consistency in monitoring activities across all Social Services’ divisions and offices. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds from roughly 5,400 subawards. Title 2 CFR § 200.332(d) requires pass-through entities to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Since the prior audit, Compliance has updated and finalized the Agency Monitoring Plan but has been unable to communicate it to the subrecipient monitoring coordinators because of a lack of available resources. Without communicating responsibilities to subrecipient monitoring coordinators, Compliance cannot provide assurance that Social Services adequately monitors all its subrecipients to ensure they are achieving program objectives or complying with federal requirements. Compliance should continue to work with Social Services’ Executive Team to obtain the appropriate resources so that it can communicate responsibilities to subrecipient monitoring coordinators. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-099: Communicate Responsibilities to Subrecipient Monitoring Coordinators Applicable to: Department of Social Services Prior Year Finding Number: 2022-012; 2021-069; 2020-076 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Compliance has not communicated responsibilities to subrecipient monitoring coordinators, as required by the Agency Monitoring Plan. Compliance’s Agency Monitoring Plan serves as a guide in the development, implementation, and coordination of division monitoring plans and aims to address accountability and provide consistency in monitoring activities across all Social Services’ divisions and offices. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds from roughly 5,400 subawards. Title 2 CFR § 200.332(d) requires pass-through entities to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Since the prior audit, Compliance has updated and finalized the Agency Monitoring Plan but has been unable to communicate it to the subrecipient monitoring coordinators because of a lack of available resources. Without communicating responsibilities to subrecipient monitoring coordinators, Compliance cannot provide assurance that Social Services adequately monitors all its subrecipients to ensure they are achieving program objectives or complying with federal requirements. Compliance should continue to work with Social Services’ Executive Team to obtain the appropriate resources so that it can communicate responsibilities to subrecipient monitoring coordinators. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-099: Communicate Responsibilities to Subrecipient Monitoring Coordinators Applicable to: Department of Social Services Prior Year Finding Number: 2022-012; 2021-069; 2020-076 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Compliance has not communicated responsibilities to subrecipient monitoring coordinators, as required by the Agency Monitoring Plan. Compliance’s Agency Monitoring Plan serves as a guide in the development, implementation, and coordination of division monitoring plans and aims to address accountability and provide consistency in monitoring activities across all Social Services’ divisions and offices. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds from roughly 5,400 subawards. Title 2 CFR § 200.332(d) requires pass-through entities to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Since the prior audit, Compliance has updated and finalized the Agency Monitoring Plan but has been unable to communicate it to the subrecipient monitoring coordinators because of a lack of available resources. Without communicating responsibilities to subrecipient monitoring coordinators, Compliance cannot provide assurance that Social Services adequately monitors all its subrecipients to ensure they are achieving program objectives or complying with federal requirements. Compliance should continue to work with Social Services’ Executive Team to obtain the appropriate resources so that it can communicate responsibilities to subrecipient monitoring coordinators. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-101: Verify that Monitoring Plan Includes All Subrecipient Programmatic Activities Applicable to: Department of Social Services Prior Year Finding Number: 2022-015 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558 Federal Award Number and Year: 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b); 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs fiscal year 2023 monitoring plan did not include all subrecipient programmatic activities for the TANF federal grant program. Benefit Programs’ primary programmatic activity for the TANF federal grant program is eligibility determination functions performed by local agencies. However, Benefit Programs also awards various competitive grants to local governments and non-profit organizations to help TANF recipients become self-sufficient. According to 2 CFR § 200.322(b) all pass-through entities are required to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure it uses the subaward for authorized purposes, which comply with federal statutes, regulations, and the terms and conditions of the subaward; and that the subrecipient achieves subaward performance goals. Without including all programmatic activities in the monitoring plan, Benefit Programs cannot provide assurance that subrecipients used TANF federal grant funds for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. In response to the prior year’s audit recommendation, Benefit Programs’ management analyzed all its programmatic activities and verified that they were incorporated into its fiscal year 2024 monitoring plan. As part of its corrective action, Benefit Programs’ management mandated that home office staff monitor subrecipients receiving TANF competitive grants once every three years and complete risk assessment procedures in other years to verify that there have not been any changes in the subrecipient’s risk profile. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that it includes all programmatic activities within its monitoring plan and that it conducts monitoring activities in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-101: Verify that Monitoring Plan Includes All Subrecipient Programmatic Activities Applicable to: Department of Social Services Prior Year Finding Number: 2022-015 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558 Federal Award Number and Year: 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b); 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs fiscal year 2023 monitoring plan did not include all subrecipient programmatic activities for the TANF federal grant program. Benefit Programs’ primary programmatic activity for the TANF federal grant program is eligibility determination functions performed by local agencies. However, Benefit Programs also awards various competitive grants to local governments and non-profit organizations to help TANF recipients become self-sufficient. According to 2 CFR § 200.322(b) all pass-through entities are required to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure it uses the subaward for authorized purposes, which comply with federal statutes, regulations, and the terms and conditions of the subaward; and that the subrecipient achieves subaward performance goals. Without including all programmatic activities in the monitoring plan, Benefit Programs cannot provide assurance that subrecipients used TANF federal grant funds for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. In response to the prior year’s audit recommendation, Benefit Programs’ management analyzed all its programmatic activities and verified that they were incorporated into its fiscal year 2024 monitoring plan. As part of its corrective action, Benefit Programs’ management mandated that home office staff monitor subrecipients receiving TANF competitive grants once every three years and complete risk assessment procedures in other years to verify that there have not been any changes in the subrecipient’s risk profile. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that it includes all programmatic activities within its monitoring plan and that it conducts monitoring activities in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-101: Verify that Monitoring Plan Includes All Subrecipient Programmatic Activities Applicable to: Department of Social Services Prior Year Finding Number: 2022-015 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558 Federal Award Number and Year: 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b); 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs fiscal year 2023 monitoring plan did not include all subrecipient programmatic activities for the TANF federal grant program. Benefit Programs’ primary programmatic activity for the TANF federal grant program is eligibility determination functions performed by local agencies. However, Benefit Programs also awards various competitive grants to local governments and non-profit organizations to help TANF recipients become self-sufficient. According to 2 CFR § 200.322(b) all pass-through entities are required to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure it uses the subaward for authorized purposes, which comply with federal statutes, regulations, and the terms and conditions of the subaward; and that the subrecipient achieves subaward performance goals. Without including all programmatic activities in the monitoring plan, Benefit Programs cannot provide assurance that subrecipients used TANF federal grant funds for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. In response to the prior year’s audit recommendation, Benefit Programs’ management analyzed all its programmatic activities and verified that they were incorporated into its fiscal year 2024 monitoring plan. As part of its corrective action, Benefit Programs’ management mandated that home office staff monitor subrecipients receiving TANF competitive grants once every three years and complete risk assessment procedures in other years to verify that there have not been any changes in the subrecipient’s risk profile. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that it includes all programmatic activities within its monitoring plan and that it conducts monitoring activities in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
FINDING 2023-002 Subject: COVID-19 - Education Stabilization Fund - Subrecipient Monitoring Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425U Federal Award Number and Year (or Other Identifying Number): S425U210013 Compliance Requirement: Subrecipient Monitoring Audit Findings: Material Weakness, Modified Opinion Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, material noncompliance related to the COVID-19 - Education Stabilization Fund (ESF) funds passed through to subrecipients. The School Corporation received and passed through to subrecipients $420,500 of ESF funds. The School Corporation is to clearly identify the award and applicable requirements to the subrecipients, evaluate the risk of noncompliance related to the subrecipients to determine appropriate monitoring of the subaward, and monitor the activities of the subrecipients to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. The School Corporation did not enter into an agreement with the subrecipients. As such there is no agreement between the School Corporation and the subrecipients that clearly identifies the award as a subaward or includes all the required data elements. In addition, the School Corporation did not have any policies or procedures in place to evaluate the subrecipients' risk of noncompliance or to monitor the activity of the subrecipients. Per inquiry of the School Corporation, it was determined an evaluation of the risk of noncompliance for the subrecipients was not completed, nor did the subrecipients' files support any such evaluation. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.332 states: "All pass-through entities must: INDIANA STATE BOARD OF ACCOUNTS 18 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and include the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward notification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification. (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the passthrough entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; INDIANA STATE BOARD OF ACCOUNTS 19 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (3) Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; (4) (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the pass-through entity must determine the appropriate rate in collaboration with the subrecipient, which is either: (A) The negotiated indirect cost rate between the pass-through entity and the subrecipient; which can be based on a prior negotiated rate between a different PTE and the same subrecipient. If basing the rate on a previously negotiated rate, the passthrough entity is not required to collect information justifying this rate, but may elect to do so; (B) The de minimis indirect cost rate. (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. Subrecipients can elect to use the cost allocation method to account for indirect costs in accordance with § 200.405(d). (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and (6) Appropriate terms and conditions concerning closeout of the subaward. . . . (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. INDIANA STATE BOARD OF ACCOUNTS 20 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on programrelated matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in § 200.425. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. INDIANA STATE BOARD OF ACCOUNTS 21 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (h) Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations." Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, the School Corporation did not properly evaluate the subrecipients risk of noncompliance or adequately monitor the subrecipients. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls, including segregation of duties, to evaluate the subrecipients risk of noncompliance and adequately monitor the subrecipients. Additionally, policies and procedures should be implemented to ensure appropriate reviews, approvals, and oversight are taking place, as needed, to evaluate and monitor its subrecipients. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan