2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-101: Verify that Monitoring Plan Includes All Subrecipient Programmatic Activities Applicable to: Department of Social Services Prior Year Finding Number: 2022-015 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558 Federal Award Number and Year: 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b); 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs fiscal year 2023 monitoring plan did not include all subrecipient programmatic activities for the TANF federal grant program. Benefit Programs’ primary programmatic activity for the TANF federal grant program is eligibility determination functions performed by local agencies. However, Benefit Programs also awards various competitive grants to local governments and non-profit organizations to help TANF recipients become self-sufficient. According to 2 CFR § 200.322(b) all pass-through entities are required to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure it uses the subaward for authorized purposes, which comply with federal statutes, regulations, and the terms and conditions of the subaward; and that the subrecipient achieves subaward performance goals. Without including all programmatic activities in the monitoring plan, Benefit Programs cannot provide assurance that subrecipients used TANF federal grant funds for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. In response to the prior year’s audit recommendation, Benefit Programs’ management analyzed all its programmatic activities and verified that they were incorporated into its fiscal year 2024 monitoring plan. As part of its corrective action, Benefit Programs’ management mandated that home office staff monitor subrecipients receiving TANF competitive grants once every three years and complete risk assessment procedures in other years to verify that there have not been any changes in the subrecipient’s risk profile. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that it includes all programmatic activities within its monitoring plan and that it conducts monitoring activities in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-101: Verify that Monitoring Plan Includes All Subrecipient Programmatic Activities Applicable to: Department of Social Services Prior Year Finding Number: 2022-015 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558 Federal Award Number and Year: 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b); 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs fiscal year 2023 monitoring plan did not include all subrecipient programmatic activities for the TANF federal grant program. Benefit Programs’ primary programmatic activity for the TANF federal grant program is eligibility determination functions performed by local agencies. However, Benefit Programs also awards various competitive grants to local governments and non-profit organizations to help TANF recipients become self-sufficient. According to 2 CFR § 200.322(b) all pass-through entities are required to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure it uses the subaward for authorized purposes, which comply with federal statutes, regulations, and the terms and conditions of the subaward; and that the subrecipient achieves subaward performance goals. Without including all programmatic activities in the monitoring plan, Benefit Programs cannot provide assurance that subrecipients used TANF federal grant funds for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. In response to the prior year’s audit recommendation, Benefit Programs’ management analyzed all its programmatic activities and verified that they were incorporated into its fiscal year 2024 monitoring plan. As part of its corrective action, Benefit Programs’ management mandated that home office staff monitor subrecipients receiving TANF competitive grants once every three years and complete risk assessment procedures in other years to verify that there have not been any changes in the subrecipient’s risk profile. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that it includes all programmatic activities within its monitoring plan and that it conducts monitoring activities in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-101: Verify that Monitoring Plan Includes All Subrecipient Programmatic Activities Applicable to: Department of Social Services Prior Year Finding Number: 2022-015 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558 Federal Award Number and Year: 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b); 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs fiscal year 2023 monitoring plan did not include all subrecipient programmatic activities for the TANF federal grant program. Benefit Programs’ primary programmatic activity for the TANF federal grant program is eligibility determination functions performed by local agencies. However, Benefit Programs also awards various competitive grants to local governments and non-profit organizations to help TANF recipients become self-sufficient. According to 2 CFR § 200.322(b) all pass-through entities are required to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure it uses the subaward for authorized purposes, which comply with federal statutes, regulations, and the terms and conditions of the subaward; and that the subrecipient achieves subaward performance goals. Without including all programmatic activities in the monitoring plan, Benefit Programs cannot provide assurance that subrecipients used TANF federal grant funds for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. In response to the prior year’s audit recommendation, Benefit Programs’ management analyzed all its programmatic activities and verified that they were incorporated into its fiscal year 2024 monitoring plan. As part of its corrective action, Benefit Programs’ management mandated that home office staff monitor subrecipients receiving TANF competitive grants once every three years and complete risk assessment procedures in other years to verify that there have not been any changes in the subrecipient’s risk profile. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that it includes all programmatic activities within its monitoring plan and that it conducts monitoring activities in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
FINDING 2023-002 Subject: COVID-19 - Education Stabilization Fund - Subrecipient Monitoring Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425U Federal Award Number and Year (or Other Identifying Number): S425U210013 Compliance Requirement: Subrecipient Monitoring Audit Findings: Material Weakness, Modified Opinion Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, material noncompliance related to the COVID-19 - Education Stabilization Fund (ESF) funds passed through to subrecipients. The School Corporation received and passed through to subrecipients $420,500 of ESF funds. The School Corporation is to clearly identify the award and applicable requirements to the subrecipients, evaluate the risk of noncompliance related to the subrecipients to determine appropriate monitoring of the subaward, and monitor the activities of the subrecipients to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. The School Corporation did not enter into an agreement with the subrecipients. As such there is no agreement between the School Corporation and the subrecipients that clearly identifies the award as a subaward or includes all the required data elements. In addition, the School Corporation did not have any policies or procedures in place to evaluate the subrecipients' risk of noncompliance or to monitor the activity of the subrecipients. Per inquiry of the School Corporation, it was determined an evaluation of the risk of noncompliance for the subrecipients was not completed, nor did the subrecipients' files support any such evaluation. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.332 states: "All pass-through entities must: INDIANA STATE BOARD OF ACCOUNTS 18 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and include the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward notification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification. (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the passthrough entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; INDIANA STATE BOARD OF ACCOUNTS 19 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (3) Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; (4) (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the pass-through entity must determine the appropriate rate in collaboration with the subrecipient, which is either: (A) The negotiated indirect cost rate between the pass-through entity and the subrecipient; which can be based on a prior negotiated rate between a different PTE and the same subrecipient. If basing the rate on a previously negotiated rate, the passthrough entity is not required to collect information justifying this rate, but may elect to do so; (B) The de minimis indirect cost rate. (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. Subrecipients can elect to use the cost allocation method to account for indirect costs in accordance with § 200.405(d). (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and (6) Appropriate terms and conditions concerning closeout of the subaward. . . . (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. INDIANA STATE BOARD OF ACCOUNTS 20 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on programrelated matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in § 200.425. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. INDIANA STATE BOARD OF ACCOUNTS 21 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (h) Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations." Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, the School Corporation did not properly evaluate the subrecipients risk of noncompliance or adequately monitor the subrecipients. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls, including segregation of duties, to evaluate the subrecipients risk of noncompliance and adequately monitor the subrecipients. Additionally, policies and procedures should be implemented to ensure appropriate reviews, approvals, and oversight are taking place, as needed, to evaluate and monitor its subrecipients. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2301CAFOST and 2023, 2201CAFOST and 2022 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Instance of Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: • 2 CFR Part 200.332(a), Requirements for Pass-Through Entities, states that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information as well as all the requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations, and the terms and conditions of the award. • 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). • 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). • 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 22/23-91 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management). Condition: The Social Services Agency (SSA) did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring or for subrecipient monitoring for the Foster Care program. Additionally, the following information was not provided at the time of the subaward for ten (10) of fourteen (14) subawards selected for testing from the SSA’s for the Foster Care program: • Subrecipient’s unique entity identifier • Federal award identification number • Federal award date of award to recipient by the Federal agency • Subaward period of performance • Amount of federal funds obligated to the subrecipient • Amount of federal funds committed to the subrecipient • Federal award project description • Name of federal awarding agency • CFDA/Assistance Listing number • Identification of whether the award is research and development • Indirect cost rate During our testing, we noted for four (4) of fourteen (14) subrecipients selected, SSA did not have documentation that the SAM clearance was performed prior to entering the contract with the subrecipient. The County’s policy was to verify the subrecipient was not suspended or debarred prior to entering the contract, but the County did not retain evidence of this check prior to entering the contract. Cause: The SSA’s procedures did not consistently ensure that the required award information and applicable requires were communicated to the subrecipients. The SSA did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the SSA did not maintain documentation of their verification that every subrecipient is audited, as required. Additionally, the SSA department did not follow their policy to retain documentation of the verification of the information prior to entering the contract. Effect: The County’s control policies were not consistently followed which require compliance with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Additionally, the County’s control policies were not consistently followed, which required documentation of the verification prior to entering the contract. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of fourteen (14) out of seventy (70) subrecipients were sampled, which included seven (7) FFA, and seven (7) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2022-002,2022-005 and 2022-006. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. We recommend that the County adhere to their procedures requiring documentation of the SAM clearance prior to entering the contract. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2301CAFOST and 2023, 2201CAFOST and 2022 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Instance of Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: • 2 CFR Part 200.332(a), Requirements for Pass-Through Entities, states that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information as well as all the requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations, and the terms and conditions of the award. • 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). • 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). • 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 22/23-91 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management). Condition: The Social Services Agency (SSA) did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring or for subrecipient monitoring for the Foster Care program. Additionally, the following information was not provided at the time of the subaward for ten (10) of fourteen (14) subawards selected for testing from the SSA’s for the Foster Care program: • Subrecipient’s unique entity identifier • Federal award identification number • Federal award date of award to recipient by the Federal agency • Subaward period of performance • Amount of federal funds obligated to the subrecipient • Amount of federal funds committed to the subrecipient • Federal award project description • Name of federal awarding agency • CFDA/Assistance Listing number • Identification of whether the award is research and development • Indirect cost rate During our testing, we noted for four (4) of fourteen (14) subrecipients selected, SSA did not have documentation that the SAM clearance was performed prior to entering the contract with the subrecipient. The County’s policy was to verify the subrecipient was not suspended or debarred prior to entering the contract, but the County did not retain evidence of this check prior to entering the contract. Cause: The SSA’s procedures did not consistently ensure that the required award information and applicable requires were communicated to the subrecipients. The SSA did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the SSA did not maintain documentation of their verification that every subrecipient is audited, as required. Additionally, the SSA department did not follow their policy to retain documentation of the verification of the information prior to entering the contract. Effect: The County’s control policies were not consistently followed which require compliance with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Additionally, the County’s control policies were not consistently followed, which required documentation of the verification prior to entering the contract. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of fourteen (14) out of seventy (70) subrecipients were sampled, which included seven (7) FFA, and seven (7) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2022-002,2022-005 and 2022-006. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. We recommend that the County adhere to their procedures requiring documentation of the SAM clearance prior to entering the contract. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2301CAFOST and 2023, 2201CAFOST and 2022 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Instance of Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: • 2 CFR Part 200.332(a), Requirements for Pass-Through Entities, states that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information as well as all the requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations, and the terms and conditions of the award. • 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). • 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). • 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 22/23-91 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management). Condition: The Social Services Agency (SSA) did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring or for subrecipient monitoring for the Foster Care program. Additionally, the following information was not provided at the time of the subaward for ten (10) of fourteen (14) subawards selected for testing from the SSA’s for the Foster Care program: • Subrecipient’s unique entity identifier • Federal award identification number • Federal award date of award to recipient by the Federal agency • Subaward period of performance • Amount of federal funds obligated to the subrecipient • Amount of federal funds committed to the subrecipient • Federal award project description • Name of federal awarding agency • CFDA/Assistance Listing number • Identification of whether the award is research and development • Indirect cost rate During our testing, we noted for four (4) of fourteen (14) subrecipients selected, SSA did not have documentation that the SAM clearance was performed prior to entering the contract with the subrecipient. The County’s policy was to verify the subrecipient was not suspended or debarred prior to entering the contract, but the County did not retain evidence of this check prior to entering the contract. Cause: The SSA’s procedures did not consistently ensure that the required award information and applicable requires were communicated to the subrecipients. The SSA did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the SSA did not maintain documentation of their verification that every subrecipient is audited, as required. Additionally, the SSA department did not follow their policy to retain documentation of the verification of the information prior to entering the contract. Effect: The County’s control policies were not consistently followed which require compliance with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Additionally, the County’s control policies were not consistently followed, which required documentation of the verification prior to entering the contract. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of fourteen (14) out of seventy (70) subrecipients were sampled, which included seven (7) FFA, and seven (7) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2022-002,2022-005 and 2022-006. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. We recommend that the County adhere to their procedures requiring documentation of the SAM clearance prior to entering the contract. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2301CAFOST and 2023, 2201CAFOST and 2022 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Instance of Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: • 2 CFR Part 200.332(a), Requirements for Pass-Through Entities, states that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information as well as all the requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations, and the terms and conditions of the award. • 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). • 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). • 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 22/23-91 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management). Condition: The Social Services Agency (SSA) did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring or for subrecipient monitoring for the Foster Care program. Additionally, the following information was not provided at the time of the subaward for ten (10) of fourteen (14) subawards selected for testing from the SSA’s for the Foster Care program: • Subrecipient’s unique entity identifier • Federal award identification number • Federal award date of award to recipient by the Federal agency • Subaward period of performance • Amount of federal funds obligated to the subrecipient • Amount of federal funds committed to the subrecipient • Federal award project description • Name of federal awarding agency • CFDA/Assistance Listing number • Identification of whether the award is research and development • Indirect cost rate During our testing, we noted for four (4) of fourteen (14) subrecipients selected, SSA did not have documentation that the SAM clearance was performed prior to entering the contract with the subrecipient. The County’s policy was to verify the subrecipient was not suspended or debarred prior to entering the contract, but the County did not retain evidence of this check prior to entering the contract. Cause: The SSA’s procedures did not consistently ensure that the required award information and applicable requires were communicated to the subrecipients. The SSA did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the SSA did not maintain documentation of their verification that every subrecipient is audited, as required. Additionally, the SSA department did not follow their policy to retain documentation of the verification of the information prior to entering the contract. Effect: The County’s control policies were not consistently followed which require compliance with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Additionally, the County’s control policies were not consistently followed, which required documentation of the verification prior to entering the contract. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of fourteen (14) out of seventy (70) subrecipients were sampled, which included seven (7) FFA, and seven (7) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2022-002,2022-005 and 2022-006. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. We recommend that the County adhere to their procedures requiring documentation of the SAM clearance prior to entering the contract. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Various, including AL 84.027 – Special Education Grants to States; AL 84.173 – COVID-19 Special Education Preschool Grants; AL 84.425D – COVID-19 Education Stabilization Fund – Elementary and Secondary School Emergency Relief Fund (ESSER I and ESSER II); AL 84.425U – COVID-19 Education Stabilization Fund – American Rescue Plan – Elementary and Secondary School Emergency Relief Fund (ARP ESSER) – Subrecipient Monitoring Grant Number & Year: Various, including H027A210079, FFY 2022; H173X210077, FFY 2022; S425D200048, grant period ending 9/30/2022; S425D210048, grant period ending 9/30/2023; S425U210048, grant period ending 9/30/2024. Federal Grantor Agency: U.S. Department of Education Criteria: Per 2 CFR § 3474.1 (January 1, 2023), the U.S. Department of Education adopted the OMB Uniform Guidance in 2 CFR part 200, except for 2 CFR § 200.102(a) and 200.207(a). Per 2 CFR § 200.403 (January 1, 2023), allowable costs must be necessary, reasonable, and adequately documented. 2 CFR § 200.332 (January 1, 2023) states, in relevant part, the following: All pass-through entities must: * * * * (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. * * * * (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward[.] * * * * (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. 2 CFR § 200.521 (January 1, 2023) states, in relevant part, the following: (c) Pass-through entity. As provided in § 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. Good internal control requires procedures to ensure that subrecipients are using grant funds for allowable purposes. Good internal control also requires procedures to ensure that subrecipient Single Audit reports are being reviewed, and management decision letters are being issued in a timely manner to ensure that corrective action is being implemented. Condition: For 3 of 27 subrecipients tested that received Federal funds from the Special Education Cluster, the Agency did not perform adequate subrecipient monitoring to ensure that funds were used for allowable purposes. For seven subrecipients tested that received Federal funds from the Education Stabilization Fund and/or Special Education Cluster, the Agency did not issue a management decision letter within the time requirement for five subrecipients and did not issue a management decision letter for two subrecipients. The Agency also failed to track and review the Single Audit report for one subrecipient. Repeat Finding: No Questioned Costs: Unknown Statistical Sample: No Context: The Agency performs various subrecipient monitoring activities during the year to ensure that subrecipients are using funds for an allowable purpose. These activities include reviewing a sample of expenditures from all reimbursement requests, tracking subrecipient audit requirements and reviewing Single Audit reports, and performing fiscal monitoring on a three-year basis. During review of reimbursement requests, the Agency does not perform procedures to ensure that salary and benefits allocated to the Special Education (SPED) grants are adequately supported by underlying documentation for a majority of its subrecipients. Rather the Agency relies on the fiscal monitoring to test that payroll is being properly allocated to grants, and the subrecipients have procedures in place to comply with Uniform Guidance Requirements. During testing of 27 subrecipients that received SPED grants, we noted the following for three subrecipients: • For the first subrecipient, the Agency had never completed a fiscal monitoring review. The Agency indicated that it was currently conducting fiscal monitoring of the school, but the subrecipient had been slow to provide documentation, resulting in delays. • The second subrecipient also did not have a fiscal monitoring review. At the time of the reimbursement, moreover, the Agency did not review any underlying documentation to support the costs allocated to the grant. The Agency stated that it relied on the entity’s annual audit to ensure costs were allocated properly; however, the subrecipient had not had a recent Single Audit in which the Special Education Cluster was a major program. • The third subrecipient had a fiscal monitoring review of payroll costs, but there was no documentation to show that the Agency had reviewed other purchased services at the time of reimbursement or during the fiscal monitoring. During review of the Agency’s procedures for reviewing subrecipient Single Audits, we noted the following: • For two subrecipients tested, their Single Audits noted significant deficiencies and material weaknesses, including one instance of questioned costs totaling $105,273; however, the Agency did not issue a management decision letter on the findings or provide documentation of any follow-up performed. • For five subrecipients tested, the management decision letter was issued eight to nine months after the audit was made available on the Federal Audit Clearinghouse (FAC). • One subrecipient was not being tracked by the Agency. This subrecipient had received $939,358 in Federal funds from the Agency. After the APA pointed this out, the Agency obtained a copy of the subrecipient’s Single Audit report, which noted no findings. Cause: Inadequate subrecipient monitoring procedures. The Agency stated it had other priorities during the year that delayed its review of the subrecipients’ Single Audit reports. Effect: Without adequate procedures, there is increased risk of noncompliance with Federal regulations, audit findings of subrecipients not being corrected, and an increased risk of loss or misuse of funds. Recommendation: We recommend the Agency review its procedures for reimbursements and fiscal monitoring to ensure subrecipients are operating in compliance with Federal requirements. We also recommend the Agency improve procedures to ensure that all subrecipients are being tracked for Single Audit requirements, and management decisions are issued in response to all findings in a timely manner. Management Response: First SPED subrecipient – The first recipient’s fiscal monitoring review is part of the current annual group of recipients being monitored; set to close June 30, 2024. Second SPED subrecipient – As part of the FY2020 federal Single Audit testing conducted by KPMG, determined the after-the-fact verification as a method to certify that the payment received on a project is reasonable in relation to the amount of work performed. Third SPED subrecipient – Purchased services and supplies were reviewed during fiscal monitoring, but the documentation was in paper form, not electronic, and was not initially provided to the auditors when requested. It was provided on March 4, 2024, when located. Single Audits – Due to extensive time commitment to State audit facilitation and Education Stabilization Fund Annual Performance Reporting, some management decision letters were not issued or were issued late. The NDE staff member performing the annual audit reviews was not aware of an additional subrecipient that needed reviewed. APA Response: The Special Education Cluster was not a major program for the second subrecipient in FY2020. For the third subrecipient, we originally requested the Agency’s fiscal monitoring documentation on December 21, 2023. Neb. Rev. Stat. § 84-305(2) (Cum. Supp. 2022) requires compliance with such a request to occur within “three business days after actual receipt of the request.” The only exceptions to that three-day response requirement are if there is “a legal basis for refusal to comply with the request” or “the entire request cannot with reasonable good faith efforts be fulfilled within three business days after actual receipt of the request due to the significant difficulty or the extensiveness of the request.” In either instance, § 84-305(2) requires the recipient of the request to take specific action in claiming the exception. The Agency failed to do so, clearly violating § 84-305(2). In no case not involving a legal basis for noncompliance, moreover, may the required compliance “exceed three calendar weeks after actual receipt of such request by any public entity.” Nevertheless, the additional documentation was not provided until over 11 weeks after being requested, which is another clear violation of § 84-305(2).
Program: Various, including AL 84.027 – Special Education Grants to States; AL 84.173 – COVID-19 Special Education Preschool Grants; AL 84.425D – COVID-19 Education Stabilization Fund – Elementary and Secondary School Emergency Relief Fund (ESSER I and ESSER II); AL 84.425U – COVID-19 Education Stabilization Fund – American Rescue Plan – Elementary and Secondary School Emergency Relief Fund (ARP ESSER) – Subrecipient Monitoring Grant Number & Year: Various, including H027A210079, FFY 2022; H173X210077, FFY 2022; S425D200048, grant period ending 9/30/2022; S425D210048, grant period ending 9/30/2023; S425U210048, grant period ending 9/30/2024. Federal Grantor Agency: U.S. Department of Education Criteria: Per 2 CFR § 3474.1 (January 1, 2023), the U.S. Department of Education adopted the OMB Uniform Guidance in 2 CFR part 200, except for 2 CFR § 200.102(a) and 200.207(a). Per 2 CFR § 200.403 (January 1, 2023), allowable costs must be necessary, reasonable, and adequately documented. 2 CFR § 200.332 (January 1, 2023) states, in relevant part, the following: All pass-through entities must: * * * * (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. * * * * (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward[.] * * * * (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. 2 CFR § 200.521 (January 1, 2023) states, in relevant part, the following: (c) Pass-through entity. As provided in § 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. Good internal control requires procedures to ensure that subrecipients are using grant funds for allowable purposes. Good internal control also requires procedures to ensure that subrecipient Single Audit reports are being reviewed, and management decision letters are being issued in a timely manner to ensure that corrective action is being implemented. Condition: For 3 of 27 subrecipients tested that received Federal funds from the Special Education Cluster, the Agency did not perform adequate subrecipient monitoring to ensure that funds were used for allowable purposes. For seven subrecipients tested that received Federal funds from the Education Stabilization Fund and/or Special Education Cluster, the Agency did not issue a management decision letter within the time requirement for five subrecipients and did not issue a management decision letter for two subrecipients. The Agency also failed to track and review the Single Audit report for one subrecipient. Repeat Finding: No Questioned Costs: Unknown Statistical Sample: No Context: The Agency performs various subrecipient monitoring activities during the year to ensure that subrecipients are using funds for an allowable purpose. These activities include reviewing a sample of expenditures from all reimbursement requests, tracking subrecipient audit requirements and reviewing Single Audit reports, and performing fiscal monitoring on a three-year basis. During review of reimbursement requests, the Agency does not perform procedures to ensure that salary and benefits allocated to the Special Education (SPED) grants are adequately supported by underlying documentation for a majority of its subrecipients. Rather the Agency relies on the fiscal monitoring to test that payroll is being properly allocated to grants, and the subrecipients have procedures in place to comply with Uniform Guidance Requirements. During testing of 27 subrecipients that received SPED grants, we noted the following for three subrecipients: • For the first subrecipient, the Agency had never completed a fiscal monitoring review. The Agency indicated that it was currently conducting fiscal monitoring of the school, but the subrecipient had been slow to provide documentation, resulting in delays. • The second subrecipient also did not have a fiscal monitoring review. At the time of the reimbursement, moreover, the Agency did not review any underlying documentation to support the costs allocated to the grant. The Agency stated that it relied on the entity’s annual audit to ensure costs were allocated properly; however, the subrecipient had not had a recent Single Audit in which the Special Education Cluster was a major program. • The third subrecipient had a fiscal monitoring review of payroll costs, but there was no documentation to show that the Agency had reviewed other purchased services at the time of reimbursement or during the fiscal monitoring. During review of the Agency’s procedures for reviewing subrecipient Single Audits, we noted the following: • For two subrecipients tested, their Single Audits noted significant deficiencies and material weaknesses, including one instance of questioned costs totaling $105,273; however, the Agency did not issue a management decision letter on the findings or provide documentation of any follow-up performed. • For five subrecipients tested, the management decision letter was issued eight to nine months after the audit was made available on the Federal Audit Clearinghouse (FAC). • One subrecipient was not being tracked by the Agency. This subrecipient had received $939,358 in Federal funds from the Agency. After the APA pointed this out, the Agency obtained a copy of the subrecipient’s Single Audit report, which noted no findings. Cause: Inadequate subrecipient monitoring procedures. The Agency stated it had other priorities during the year that delayed its review of the subrecipients’ Single Audit reports. Effect: Without adequate procedures, there is increased risk of noncompliance with Federal regulations, audit findings of subrecipients not being corrected, and an increased risk of loss or misuse of funds. Recommendation: We recommend the Agency review its procedures for reimbursements and fiscal monitoring to ensure subrecipients are operating in compliance with Federal requirements. We also recommend the Agency improve procedures to ensure that all subrecipients are being tracked for Single Audit requirements, and management decisions are issued in response to all findings in a timely manner. Management Response: First SPED subrecipient – The first recipient’s fiscal monitoring review is part of the current annual group of recipients being monitored; set to close June 30, 2024. Second SPED subrecipient – As part of the FY2020 federal Single Audit testing conducted by KPMG, determined the after-the-fact verification as a method to certify that the payment received on a project is reasonable in relation to the amount of work performed. Third SPED subrecipient – Purchased services and supplies were reviewed during fiscal monitoring, but the documentation was in paper form, not electronic, and was not initially provided to the auditors when requested. It was provided on March 4, 2024, when located. Single Audits – Due to extensive time commitment to State audit facilitation and Education Stabilization Fund Annual Performance Reporting, some management decision letters were not issued or were issued late. The NDE staff member performing the annual audit reviews was not aware of an additional subrecipient that needed reviewed. APA Response: The Special Education Cluster was not a major program for the second subrecipient in FY2020. For the third subrecipient, we originally requested the Agency’s fiscal monitoring documentation on December 21, 2023. Neb. Rev. Stat. § 84-305(2) (Cum. Supp. 2022) requires compliance with such a request to occur within “three business days after actual receipt of the request.” The only exceptions to that three-day response requirement are if there is “a legal basis for refusal to comply with the request” or “the entire request cannot with reasonable good faith efforts be fulfilled within three business days after actual receipt of the request due to the significant difficulty or the extensiveness of the request.” In either instance, § 84-305(2) requires the recipient of the request to take specific action in claiming the exception. The Agency failed to do so, clearly violating § 84-305(2). In no case not involving a legal basis for noncompliance, moreover, may the required compliance “exceed three calendar weeks after actual receipt of such request by any public entity.” Nevertheless, the additional documentation was not provided until over 11 weeks after being requested, which is another clear violation of § 84-305(2).
Program: AL 84.287 – Twenty-First Century Community Learning Centers – Subrecipient Monitoring Grant Number & Year: S287C210027, FFY 2022 Federal Grantor Agency: U.S. Department of Education Criteria: Per 2 CFR § 3474.1 (January 1, 2023), the U.S. Department of Education adopted the OMB Uniform Guidance in 2 CFR part 200, except for 2 CFR § 200.102(a) and 200.207(a). 2 CFR § 200.332 (January 1, 2023) states, in relevant part, the following: All pass-through entities must: * * * * (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. 2 CFR § 200.508 (January 1, 2023) states, in relevant part, the following: The auditee must: * * * * (d) Provide the auditor with access to personnel, accounts, books, records, supporting documentation, and other information as needed for the auditor to perform the audit required by this part. Neb. Rev. Stat. § 84-305(2) (Cum. Supp. 2022) states, in relevant part, the following: Upon receipt of a written request by the Auditor of Public Accounts for access to any information or records, the public entity shall provide to the auditor as soon as is practicable and without delay, but not more than three business days after actual receipt of the request, either (a) the requested materials or (b)(i) if there is a legal basis for refusal to comply with the request, a written denial of the request together with the information specified in subsection (1) of this section or (ii) if the entire request cannot with reasonable good faith efforts be fulfilled within three business days after actual receipt of the request due to the significant difficulty or the extensiveness of the request, a written explanation, including the earliest practicable date for fulfilling the request, and an opportunity for the auditor to modify or prioritize the items within the request. No delay due to the significant difficulty or the extensiveness of any request for access to information or records shall exceed three calendar weeks after actual receipt of such request by any public entity. (Emphasis added.) A proper system of internal control includes procedures to ensure the Department’s fiscal monitoring polices are followed. Good internal control also requires procedures to ensure audit information is provided promptly in accordance with State and Federal requirements. Condition: The Agency failed to perform fiscal monitoring of one subrecipient tested for the Twenty-First Century Community Learning Centers grant. Contrary to § 84-305(2), moreover, the Agency failed to respond promptly to requests for information. Repeat Finding: No Questioned Costs: None Statistical Sample: No Context: The Agency performed a review of a reimbursement request for $183,825, where staff compared the amount claimed to the school-provided accounting records and payroll reports with employee names. The Agency’s policy then requires further fiscal monitoring on at least a three-year rotational basis for all school districts. As part of this process, a more detailed review of time and effort documentation is supposed to be completed. According to Agency staff, fiscal monitoring was scheduled for October 2022; however, school district staff stated that the timing would not work for them. The Agency began its review in December 2022, but the process had yet to be completed – more than a year later – due to a lack of responsiveness from the school district. Fiscal monitoring of the school district was last performed in fiscal year 2020. Additionally, the APA asked the Agency on January 11, 2024, for documentation to support the payroll expenses on the reimbursement request. On January 12, 2024, the Agency presented the APA with the documentation from the school district; however, this was the same documentation provided previously to the Agency at the time of reimbursement. This documentation was insufficient to support the payroll expenses questioned. On March 1, 2024, seven weeks after the APA’s request, the Agency produced the additional information to support the payroll expenses. Cause: Inadequate subrecipient monitoring procedures. Effect: Without adequate monitoring procedures, there is an increased risk for the payment of unallowable Federal expenses. Recommendation: We recommend the Agency strengthen its procedures for ensuring that fiscal monitoring is completed in accordance with the Agency’s policies. We further recommend the Agency implement procedures to ensure compliance with both 2 CFR § 200.508 and § 84-305(2). Management Response: The Grants Compliance Section is the Agency’s internal control function performing the requirements within 2 CFR 200.332, applying risk assessment to determine the annual fiscal monitoring base cadence and sequential sampling; non-probability sampling ensuring all recipients are subject to fiscal monitoring efforts in a three-year cycle at a minimum. As education subrecipients have received a significant influx of subawards to mitigate post-COVID supports for Nebraska education with limited staff capacity, the Department has remained mindful of these conditions and completed fiscal monitoring activities and issued an exit letter on September 5, 2023. APA Response: This finding was included as Comment 4 in the Annual Comprehensive Financial Report (ACFR) management letter dated December 13, 2023. The Agency responded, in part, “Fiscal monitoring of Lexington Public Schools was being performed in 2023 but was not completed as of the time of the ACFR audit.” When the Single Audit team requested the payroll documentation, the Agency did not inform the APA that monitoring was completed until March 5, 2024, which is well past the time requirements set out in § 84-305(2). Regardless, the fiscal monitoring was not completed within three years.
Program: Various, including AL 84.027 – Special Education Grants to States; AL 84.173 – COVID-19 Special Education Preschool Grants; AL 84.425D – COVID-19 Education Stabilization Fund – Elementary and Secondary School Emergency Relief Fund (ESSER I and ESSER II); AL 84.425U – COVID-19 Education Stabilization Fund – American Rescue Plan – Elementary and Secondary School Emergency Relief Fund (ARP ESSER) – Subrecipient Monitoring Grant Number & Year: Various, including H027A210079, FFY 2022; H173X210077, FFY 2022; S425D200048, grant period ending 9/30/2022; S425D210048, grant period ending 9/30/2023; S425U210048, grant period ending 9/30/2024. Federal Grantor Agency: U.S. Department of Education Criteria: Per 2 CFR § 3474.1 (January 1, 2023), the U.S. Department of Education adopted the OMB Uniform Guidance in 2 CFR part 200, except for 2 CFR § 200.102(a) and 200.207(a). Per 2 CFR § 200.403 (January 1, 2023), allowable costs must be necessary, reasonable, and adequately documented. 2 CFR § 200.332 (January 1, 2023) states, in relevant part, the following: All pass-through entities must: * * * * (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. * * * * (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward[.] * * * * (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. 2 CFR § 200.521 (January 1, 2023) states, in relevant part, the following: (c) Pass-through entity. As provided in § 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. Good internal control requires procedures to ensure that subrecipients are using grant funds for allowable purposes. Good internal control also requires procedures to ensure that subrecipient Single Audit reports are being reviewed, and management decision letters are being issued in a timely manner to ensure that corrective action is being implemented. Condition: For 3 of 27 subrecipients tested that received Federal funds from the Special Education Cluster, the Agency did not perform adequate subrecipient monitoring to ensure that funds were used for allowable purposes. For seven subrecipients tested that received Federal funds from the Education Stabilization Fund and/or Special Education Cluster, the Agency did not issue a management decision letter within the time requirement for five subrecipients and did not issue a management decision letter for two subrecipients. The Agency also failed to track and review the Single Audit report for one subrecipient. Repeat Finding: No Questioned Costs: Unknown Statistical Sample: No Context: The Agency performs various subrecipient monitoring activities during the year to ensure that subrecipients are using funds for an allowable purpose. These activities include reviewing a sample of expenditures from all reimbursement requests, tracking subrecipient audit requirements and reviewing Single Audit reports, and performing fiscal monitoring on a three-year basis. During review of reimbursement requests, the Agency does not perform procedures to ensure that salary and benefits allocated to the Special Education (SPED) grants are adequately supported by underlying documentation for a majority of its subrecipients. Rather the Agency relies on the fiscal monitoring to test that payroll is being properly allocated to grants, and the subrecipients have procedures in place to comply with Uniform Guidance Requirements. During testing of 27 subrecipients that received SPED grants, we noted the following for three subrecipients: • For the first subrecipient, the Agency had never completed a fiscal monitoring review. The Agency indicated that it was currently conducting fiscal monitoring of the school, but the subrecipient had been slow to provide documentation, resulting in delays. • The second subrecipient also did not have a fiscal monitoring review. At the time of the reimbursement, moreover, the Agency did not review any underlying documentation to support the costs allocated to the grant. The Agency stated that it relied on the entity’s annual audit to ensure costs were allocated properly; however, the subrecipient had not had a recent Single Audit in which the Special Education Cluster was a major program. • The third subrecipient had a fiscal monitoring review of payroll costs, but there was no documentation to show that the Agency had reviewed other purchased services at the time of reimbursement or during the fiscal monitoring. During review of the Agency’s procedures for reviewing subrecipient Single Audits, we noted the following: • For two subrecipients tested, their Single Audits noted significant deficiencies and material weaknesses, including one instance of questioned costs totaling $105,273; however, the Agency did not issue a management decision letter on the findings or provide documentation of any follow-up performed. • For five subrecipients tested, the management decision letter was issued eight to nine months after the audit was made available on the Federal Audit Clearinghouse (FAC). • One subrecipient was not being tracked by the Agency. This subrecipient had received $939,358 in Federal funds from the Agency. After the APA pointed this out, the Agency obtained a copy of the subrecipient’s Single Audit report, which noted no findings. Cause: Inadequate subrecipient monitoring procedures. The Agency stated it had other priorities during the year that delayed its review of the subrecipients’ Single Audit reports. Effect: Without adequate procedures, there is increased risk of noncompliance with Federal regulations, audit findings of subrecipients not being corrected, and an increased risk of loss or misuse of funds. Recommendation: We recommend the Agency review its procedures for reimbursements and fiscal monitoring to ensure subrecipients are operating in compliance with Federal requirements. We also recommend the Agency improve procedures to ensure that all subrecipients are being tracked for Single Audit requirements, and management decisions are issued in response to all findings in a timely manner. Management Response: First SPED subrecipient – The first recipient’s fiscal monitoring review is part of the current annual group of recipients being monitored; set to close June 30, 2024. Second SPED subrecipient – As part of the FY2020 federal Single Audit testing conducted by KPMG, determined the after-the-fact verification as a method to certify that the payment received on a project is reasonable in relation to the amount of work performed. Third SPED subrecipient – Purchased services and supplies were reviewed during fiscal monitoring, but the documentation was in paper form, not electronic, and was not initially provided to the auditors when requested. It was provided on March 4, 2024, when located. Single Audits – Due to extensive time commitment to State audit facilitation and Education Stabilization Fund Annual Performance Reporting, some management decision letters were not issued or were issued late. The NDE staff member performing the annual audit reviews was not aware of an additional subrecipient that needed reviewed. APA Response: The Special Education Cluster was not a major program for the second subrecipient in FY2020. For the third subrecipient, we originally requested the Agency’s fiscal monitoring documentation on December 21, 2023. Neb. Rev. Stat. § 84-305(2) (Cum. Supp. 2022) requires compliance with such a request to occur within “three business days after actual receipt of the request.” The only exceptions to that three-day response requirement are if there is “a legal basis for refusal to comply with the request” or “the entire request cannot with reasonable good faith efforts be fulfilled within three business days after actual receipt of the request due to the significant difficulty or the extensiveness of the request.” In either instance, § 84-305(2) requires the recipient of the request to take specific action in claiming the exception. The Agency failed to do so, clearly violating § 84-305(2). In no case not involving a legal basis for noncompliance, moreover, may the required compliance “exceed three calendar weeks after actual receipt of such request by any public entity.” Nevertheless, the additional documentation was not provided until over 11 weeks after being requested, which is another clear violation of § 84-305(2).
Program: Various, including AL 84.027 – Special Education Grants to States; AL 84.173 – COVID-19 Special Education Preschool Grants; AL 84.425D – COVID-19 Education Stabilization Fund – Elementary and Secondary School Emergency Relief Fund (ESSER I and ESSER II); AL 84.425U – COVID-19 Education Stabilization Fund – American Rescue Plan – Elementary and Secondary School Emergency Relief Fund (ARP ESSER) – Subrecipient Monitoring Grant Number & Year: Various, including H027A210079, FFY 2022; H173X210077, FFY 2022; S425D200048, grant period ending 9/30/2022; S425D210048, grant period ending 9/30/2023; S425U210048, grant period ending 9/30/2024. Federal Grantor Agency: U.S. Department of Education Criteria: Per 2 CFR § 3474.1 (January 1, 2023), the U.S. Department of Education adopted the OMB Uniform Guidance in 2 CFR part 200, except for 2 CFR § 200.102(a) and 200.207(a). Per 2 CFR § 200.403 (January 1, 2023), allowable costs must be necessary, reasonable, and adequately documented. 2 CFR § 200.332 (January 1, 2023) states, in relevant part, the following: All pass-through entities must: * * * * (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. * * * * (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward[.] * * * * (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. 2 CFR § 200.521 (January 1, 2023) states, in relevant part, the following: (c) Pass-through entity. As provided in § 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. Good internal control requires procedures to ensure that subrecipients are using grant funds for allowable purposes. Good internal control also requires procedures to ensure that subrecipient Single Audit reports are being reviewed, and management decision letters are being issued in a timely manner to ensure that corrective action is being implemented. Condition: For 3 of 27 subrecipients tested that received Federal funds from the Special Education Cluster, the Agency did not perform adequate subrecipient monitoring to ensure that funds were used for allowable purposes. For seven subrecipients tested that received Federal funds from the Education Stabilization Fund and/or Special Education Cluster, the Agency did not issue a management decision letter within the time requirement for five subrecipients and did not issue a management decision letter for two subrecipients. The Agency also failed to track and review the Single Audit report for one subrecipient. Repeat Finding: No Questioned Costs: Unknown Statistical Sample: No Context: The Agency performs various subrecipient monitoring activities during the year to ensure that subrecipients are using funds for an allowable purpose. These activities include reviewing a sample of expenditures from all reimbursement requests, tracking subrecipient audit requirements and reviewing Single Audit reports, and performing fiscal monitoring on a three-year basis. During review of reimbursement requests, the Agency does not perform procedures to ensure that salary and benefits allocated to the Special Education (SPED) grants are adequately supported by underlying documentation for a majority of its subrecipients. Rather the Agency relies on the fiscal monitoring to test that payroll is being properly allocated to grants, and the subrecipients have procedures in place to comply with Uniform Guidance Requirements. During testing of 27 subrecipients that received SPED grants, we noted the following for three subrecipients: • For the first subrecipient, the Agency had never completed a fiscal monitoring review. The Agency indicated that it was currently conducting fiscal monitoring of the school, but the subrecipient had been slow to provide documentation, resulting in delays. • The second subrecipient also did not have a fiscal monitoring review. At the time of the reimbursement, moreover, the Agency did not review any underlying documentation to support the costs allocated to the grant. The Agency stated that it relied on the entity’s annual audit to ensure costs were allocated properly; however, the subrecipient had not had a recent Single Audit in which the Special Education Cluster was a major program. • The third subrecipient had a fiscal monitoring review of payroll costs, but there was no documentation to show that the Agency had reviewed other purchased services at the time of reimbursement or during the fiscal monitoring. During review of the Agency’s procedures for reviewing subrecipient Single Audits, we noted the following: • For two subrecipients tested, their Single Audits noted significant deficiencies and material weaknesses, including one instance of questioned costs totaling $105,273; however, the Agency did not issue a management decision letter on the findings or provide documentation of any follow-up performed. • For five subrecipients tested, the management decision letter was issued eight to nine months after the audit was made available on the Federal Audit Clearinghouse (FAC). • One subrecipient was not being tracked by the Agency. This subrecipient had received $939,358 in Federal funds from the Agency. After the APA pointed this out, the Agency obtained a copy of the subrecipient’s Single Audit report, which noted no findings. Cause: Inadequate subrecipient monitoring procedures. The Agency stated it had other priorities during the year that delayed its review of the subrecipients’ Single Audit reports. Effect: Without adequate procedures, there is increased risk of noncompliance with Federal regulations, audit findings of subrecipients not being corrected, and an increased risk of loss or misuse of funds. Recommendation: We recommend the Agency review its procedures for reimbursements and fiscal monitoring to ensure subrecipients are operating in compliance with Federal requirements. We also recommend the Agency improve procedures to ensure that all subrecipients are being tracked for Single Audit requirements, and management decisions are issued in response to all findings in a timely manner. Management Response: First SPED subrecipient – The first recipient’s fiscal monitoring review is part of the current annual group of recipients being monitored; set to close June 30, 2024. Second SPED subrecipient – As part of the FY2020 federal Single Audit testing conducted by KPMG, determined the after-the-fact verification as a method to certify that the payment received on a project is reasonable in relation to the amount of work performed. Third SPED subrecipient – Purchased services and supplies were reviewed during fiscal monitoring, but the documentation was in paper form, not electronic, and was not initially provided to the auditors when requested. It was provided on March 4, 2024, when located. Single Audits – Due to extensive time commitment to State audit facilitation and Education Stabilization Fund Annual Performance Reporting, some management decision letters were not issued or were issued late. The NDE staff member performing the annual audit reviews was not aware of an additional subrecipient that needed reviewed. APA Response: The Special Education Cluster was not a major program for the second subrecipient in FY2020. For the third subrecipient, we originally requested the Agency’s fiscal monitoring documentation on December 21, 2023. Neb. Rev. Stat. § 84-305(2) (Cum. Supp. 2022) requires compliance with such a request to occur within “three business days after actual receipt of the request.” The only exceptions to that three-day response requirement are if there is “a legal basis for refusal to comply with the request” or “the entire request cannot with reasonable good faith efforts be fulfilled within three business days after actual receipt of the request due to the significant difficulty or the extensiveness of the request.” In either instance, § 84-305(2) requires the recipient of the request to take specific action in claiming the exception. The Agency failed to do so, clearly violating § 84-305(2). In no case not involving a legal basis for noncompliance, moreover, may the required compliance “exceed three calendar weeks after actual receipt of such request by any public entity.” Nevertheless, the additional documentation was not provided until over 11 weeks after being requested, which is another clear violation of § 84-305(2).
Program: Various, including AL 84.027 – Special Education Grants to States; AL 84.173 – COVID-19 Special Education Preschool Grants; AL 84.425D – COVID-19 Education Stabilization Fund – Elementary and Secondary School Emergency Relief Fund (ESSER I and ESSER II); AL 84.425U – COVID-19 Education Stabilization Fund – American Rescue Plan – Elementary and Secondary School Emergency Relief Fund (ARP ESSER) – Subrecipient Monitoring Grant Number & Year: Various, including H027A210079, FFY 2022; H173X210077, FFY 2022; S425D200048, grant period ending 9/30/2022; S425D210048, grant period ending 9/30/2023; S425U210048, grant period ending 9/30/2024. Federal Grantor Agency: U.S. Department of Education Criteria: Per 2 CFR § 3474.1 (January 1, 2023), the U.S. Department of Education adopted the OMB Uniform Guidance in 2 CFR part 200, except for 2 CFR § 200.102(a) and 200.207(a). Per 2 CFR § 200.403 (January 1, 2023), allowable costs must be necessary, reasonable, and adequately documented. 2 CFR § 200.332 (January 1, 2023) states, in relevant part, the following: All pass-through entities must: * * * * (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. * * * * (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward[.] * * * * (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. 2 CFR § 200.521 (January 1, 2023) states, in relevant part, the following: (c) Pass-through entity. As provided in § 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. Good internal control requires procedures to ensure that subrecipients are using grant funds for allowable purposes. Good internal control also requires procedures to ensure that subrecipient Single Audit reports are being reviewed, and management decision letters are being issued in a timely manner to ensure that corrective action is being implemented. Condition: For 3 of 27 subrecipients tested that received Federal funds from the Special Education Cluster, the Agency did not perform adequate subrecipient monitoring to ensure that funds were used for allowable purposes. For seven subrecipients tested that received Federal funds from the Education Stabilization Fund and/or Special Education Cluster, the Agency did not issue a management decision letter within the time requirement for five subrecipients and did not issue a management decision letter for two subrecipients. The Agency also failed to track and review the Single Audit report for one subrecipient. Repeat Finding: No Questioned Costs: Unknown Statistical Sample: No Context: The Agency performs various subrecipient monitoring activities during the year to ensure that subrecipients are using funds for an allowable purpose. These activities include reviewing a sample of expenditures from all reimbursement requests, tracking subrecipient audit requirements and reviewing Single Audit reports, and performing fiscal monitoring on a three-year basis. During review of reimbursement requests, the Agency does not perform procedures to ensure that salary and benefits allocated to the Special Education (SPED) grants are adequately supported by underlying documentation for a majority of its subrecipients. Rather the Agency relies on the fiscal monitoring to test that payroll is being properly allocated to grants, and the subrecipients have procedures in place to comply with Uniform Guidance Requirements. During testing of 27 subrecipients that received SPED grants, we noted the following for three subrecipients: • For the first subrecipient, the Agency had never completed a fiscal monitoring review. The Agency indicated that it was currently conducting fiscal monitoring of the school, but the subrecipient had been slow to provide documentation, resulting in delays. • The second subrecipient also did not have a fiscal monitoring review. At the time of the reimbursement, moreover, the Agency did not review any underlying documentation to support the costs allocated to the grant. The Agency stated that it relied on the entity’s annual audit to ensure costs were allocated properly; however, the subrecipient had not had a recent Single Audit in which the Special Education Cluster was a major program. • The third subrecipient had a fiscal monitoring review of payroll costs, but there was no documentation to show that the Agency had reviewed other purchased services at the time of reimbursement or during the fiscal monitoring. During review of the Agency’s procedures for reviewing subrecipient Single Audits, we noted the following: • For two subrecipients tested, their Single Audits noted significant deficiencies and material weaknesses, including one instance of questioned costs totaling $105,273; however, the Agency did not issue a management decision letter on the findings or provide documentation of any follow-up performed. • For five subrecipients tested, the management decision letter was issued eight to nine months after the audit was made available on the Federal Audit Clearinghouse (FAC). • One subrecipient was not being tracked by the Agency. This subrecipient had received $939,358 in Federal funds from the Agency. After the APA pointed this out, the Agency obtained a copy of the subrecipient’s Single Audit report, which noted no findings. Cause: Inadequate subrecipient monitoring procedures. The Agency stated it had other priorities during the year that delayed its review of the subrecipients’ Single Audit reports. Effect: Without adequate procedures, there is increased risk of noncompliance with Federal regulations, audit findings of subrecipients not being corrected, and an increased risk of loss or misuse of funds. Recommendation: We recommend the Agency review its procedures for reimbursements and fiscal monitoring to ensure subrecipients are operating in compliance with Federal requirements. We also recommend the Agency improve procedures to ensure that all subrecipients are being tracked for Single Audit requirements, and management decisions are issued in response to all findings in a timely manner. Management Response: First SPED subrecipient – The first recipient’s fiscal monitoring review is part of the current annual group of recipients being monitored; set to close June 30, 2024. Second SPED subrecipient – As part of the FY2020 federal Single Audit testing conducted by KPMG, determined the after-the-fact verification as a method to certify that the payment received on a project is reasonable in relation to the amount of work performed. Third SPED subrecipient – Purchased services and supplies were reviewed during fiscal monitoring, but the documentation was in paper form, not electronic, and was not initially provided to the auditors when requested. It was provided on March 4, 2024, when located. Single Audits – Due to extensive time commitment to State audit facilitation and Education Stabilization Fund Annual Performance Reporting, some management decision letters were not issued or were issued late. The NDE staff member performing the annual audit reviews was not aware of an additional subrecipient that needed reviewed. APA Response: The Special Education Cluster was not a major program for the second subrecipient in FY2020. For the third subrecipient, we originally requested the Agency’s fiscal monitoring documentation on December 21, 2023. Neb. Rev. Stat. § 84-305(2) (Cum. Supp. 2022) requires compliance with such a request to occur within “three business days after actual receipt of the request.” The only exceptions to that three-day response requirement are if there is “a legal basis for refusal to comply with the request” or “the entire request cannot with reasonable good faith efforts be fulfilled within three business days after actual receipt of the request due to the significant difficulty or the extensiveness of the request.” In either instance, § 84-305(2) requires the recipient of the request to take specific action in claiming the exception. The Agency failed to do so, clearly violating § 84-305(2). In no case not involving a legal basis for noncompliance, moreover, may the required compliance “exceed three calendar weeks after actual receipt of such request by any public entity.” Nevertheless, the additional documentation was not provided until over 11 weeks after being requested, which is another clear violation of § 84-305(2).
Program: AL 97.036 – Disaster Grants - Public Assistance (Presidentially Declared Disasters) – Subrecipient Monitoring Grant Number & Year: All open, including 4420-DR-NE, declared March 21, 2019 Federal Grantor Agency: U.S. Department of Homeland Security Criteria: 2 CFR § 200.332 (January 1, 2023) states, in relevant part, the following: All pass-through entities must: * * * * (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. * * * * (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 2 CFR § 200.501(b) (January 1, 2023) states, in relevant part, the following: “A non-Federal entity that expends $750,000 or more during the non-Federal entity’s fiscal year in Federal awards must have a single audit conducted in accordance with § 200.514 . . .” Per Chapter VII, Section B, of the Agency’s 2023 Annual Administrative Plan for the Public Assistance Program, it is the State’s responsibility to review Single audits completed by subrecipients and to ensure appropriate action is taken for adverse findings. A good internal control plan requires procedures to ensure subrecipient audits are reviewed timely. Condition: The Agency did not ensure subrecipient Single Audits were obtained timely. Repeat Finding: No Questioned Costs: None Statistical Sample: No Context: The Agency utilizes a spreadsheet to track whether subrecipients obtain Single Audits when required. Additionally, the Agency sends letters to all subrecipients requiring them to respond on whether they were required to obtain a Single Audit. However, the Agency did not complete these processes during fiscal year 2023. We selected six subrecipients for testing that would have required a Single Audit be issued during State fiscal year 2023 based on the amount of funds they received from the Agency. For all six subrecipients tested, the Agency had not verified whether or not the subrecipients obtained Single Audits prior to our inquiry in December 2023. One of the six subrecipients appears to have required a Single Audit because it received $1,261,565 in disaster grant funds passed through the Agency during fiscal year 2022, but it did not obtain one. Cause: According to Agency representatives, the process was not completed due to a severe lack of staffing. Effect: Without adequate monitoring procedures, there is an increased risk that Federal awards could be used for unallowable costs. Recommendation: We recommend the Agency implement procedures to ensure subrecipient audits are reviewed timely. Management Response: Due to the Agency’s extreme staffing shortage which has persisted for two years, NEMA has had to prioritize workload. This has been particularly acute with Federal Aid Administrators to whom the tasks of subrecipient monitoring fall. Several projects slipped the normal timeframes for completion.
Program: AL 20.509 – Formula Grants for Rural Areas – Allowability & Subrecipient Monitoring Grant Number & Year: NE-2019-013-00, Performance End FFY 2023; NE-2022-019-00, Performance End FFY 2024 Federal Grantor Agency: U.S. Department of Transportation Criteria: Per 2 CFR § 1201.1 (January 1, 2023), the U.S. Department of Transportation adopted the Uniform Administrative Requirements, Cost Principles, and Audit Requirements set forth at Title 2 CFR part 200. 2 CFR § 200.403 (January 1, 2023) requires costs to be reasonable, necessary, and adequately documented. A good internal control plan requires procedures to be in place to ensure compliance with Federal and State requirements. 2 CFR § 200.332(d) (January 1, 2023) requires the pass-through entity to do the following: Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. 2 CFR § 200.430(i)(1) (January 1, 2023) states the following, in relevant part: Charges to Federal awards for salaries and wages must be based on records that accurately reflect the work performed. These records must: (i) Be supported by a system of internal control which provides reasonable assurance that the charges are accurate, allowable, and properly allocated; * * * * (vii) Support the distribution of the employee’s salary or wages among specific activities or cost objectives if the employee works on more than one Federal award; a Federal award and non-Federal award; an indirect cost activity and a direct cost activity; two or more indirect activities which are allocated using different allocation bases; or an unallowable activity and a direct or indirect cost activity. (viii) Budget estimates (i.e., estimates determined before the services are performed) alone do not qualify as support for charges to Federal awards . . . . 2 CFR § 200.431(b) (January 1, 2023) states the following, in relevant part: Leave. The cost of fringe benefits in the form of regular compensation paid to employees during periods of authorized absences from the job, such as for annual leave, family-related leave, sick leave, holidays, court leave, military leave, administrative leave, and other similar benefits, are allowable if all of the following criteria are met: * * * * (2) The costs are equitably allocated to all related activities, including Federal awards . . . . 2 CFR § 200.467 (January 1, 2023) states the following: Costs of selling and marketing any products or services of the non-Federal entity (unless allowed under § 200.421) are unallowable, except as direct costs, with prior approval by the Federal awarding agency when necessary for the performance of the Federal award. Per 2 CFR § 200.405(a) (January 1, 2023), “A cost is allocable to a particular Federal award or other cost objective if the goods or services involved are chargeable or assignable to that Federal award or cost objective in accordance with relative benefits received.” Condition: The Agency lacked adequate documentation to support that payments were for allowable activities and in accordance with allowable cost principles. A similar finding was noted in the prior audit. Repeat Finding: 2022-057 Questioned Costs: $82,967 known (NE-2019-013-00 $82,121; NE-2022-019-00 $846) Statistical Sample: No Context: During the fiscal year, the Agency paid 58 subrecipients a total of $10,974,293. We selected 24 payments to subrecipients for testing. The Agency performed financial reviews for subrecipients; however, the reviews tested did not always include all necessary supporting documentation. When additional documentation was needed, we gave the Agency the opportunity to obtain additional support from the subrecipient; however, adequate support was not always obtained or able to be provided. Our random sample included an operating assistance reimbursement to North Fork Area Transit (NFAT). As identified in both the prior Single audit and a separate letter sent to the Agency, dated August 7, 2023, reimbursements for questionable expenditures were made to NFAT during the period April 1, 2022, to November 30, 2022. The former NFAT director was alleged to have committed fraud during this period. Our current testing included the reimbursement for NFAT’s August 2022 expenditures. The payment tested reimbursed NFAT $201,438 in Federal dollars. Of that amount, $78,348 was questioned, as follows: • NFAT was reimbursed $21,665 for nonoperating personnel when the timesheets supporting the time worked were all copies of the same timesheet. • NFAT was reimbursed $29,072 for operating personnel hours worked that did not appear reasonable. We noted nine employees whose hours for the four-week period were between 234.6 to 321.12 hours. This averages from 58.65 to 80.28 hours per week for each employee. Such large weekly averages give rise to concerns about not only the reasonableness and necessity of these payments but also possible compliance issues with labor standards – not to mention safety issues for riders. This was also identified in the letter dated August 7, 2023, in which employees were identified as working excessive overtime. An additional $376 was questioned, as the number of work hours for which one employee received compensation did not agree to those listed on his timesheet. • NFAT was reimbursed $12,874 for vendor payments that never appear to have cleared the bank. Invoices and checks were provided to support the maintenance expenses reimbursed; however, the checks provided never cleared the bank. This was also identified in the letter dated August 7, 2023, which noted that the Director appeared to have written the checks but not paid the vendors. • NFAT was reimbursed $14,361 for a duplicate payment. An invoice and check were provided to support the reimbursement of an insurance expense; however, this same expense was also submitted and reimbursed by the Agency in NFAT’s September 2022 request for reimbursement. We also noted issues with 12 of the 24 subrecipient payments tested, amounting to $4,619 in questioned costs, due to the following: • For eight subrecipients tested, documentation was inadequate to support that personnel charges were allowable and in accordance with Federal cost principles, resulting in questioned costs of $2,705. Specifically, we noted the following: o Payments for employee leave was not equitably allocated based on time worked. o One subrecipient had wages reimbursed based on budgeted amounts. o One subrecipient was reimbursed for health insurance for two employees who had elected to receive wages in lieu of such insurance. o One subrecipient requested reimbursement for wages that did not agree with the amount paid to employees. • For six subrecipients tested, questioned costs of $1,914 were identified due to inadequate support for capital and nonoperating costs. Questioned costs included the following: o One subrecipient was reimbursed for carpet adhesive that was later returned to the store. The subrecipient reimbursed the Director for the purchase of the carpet adhesive on her personal credit card, but the Agency was unable to identify a subsequent reimbursement request that reduced the amount sought for the returned items. Additionally, the subrecipient paid the Director for travel to another state to purchase the carpet adhesive, which not only could have been obtained from a more nearby merchant but also was ultimately returned. o Unreasonable travel reimbursements were noted. Among those was reimbursement for costs incurred by the subrecipient’s Director to travel to a meeting of an unaffiliated organization’s Board of Directors upon which she served as a member. That travel to attend a separate Board meeting was unrelated to the transit program. o A subrecipient was reimbursed for fees related to obtaining a trademark, which appears to have been a marketing expense that was not approved by the Federal awarding agency. o One subrecipient was reimbursed for an administrative fee that was not supported. The payment tested included a 7% administrative fee that was not specified in the agreement. o One subrecipient was reimbursed for unreasonable items, such as Christmas décor and Christmas candy. o One subrecipient was reimbursed for bookkeeping expenses; however, the subrecipient did not provide documentation to support that the amount allocated for that purpose was reasonable. Based on the sample tested, we estimate the potential dollars at risk for the fiscal year to be $501,670, as detailed below: See Schedule of Findings and Questioned Costs for chart/table. Cause: Procedures were inadequate to ensure that costs were in accordance with Federal requirements. Effect: Increased risk for errors or misuse of funds. Recommendation: We recommend the Agency strengthen subrecipient monitoring procedures. We further recommend the Agency improve procedures to ensure expenditures are allowable and in accordance with Federal regulations. Management Response: NDOT concurs with the findings and has revised reimbursement guidelines for subrecipients, clarifying allowed expenses and required documentation. Over the next 6-12 months, NDOT will conduct training sessions with subrecipients and collaborate with internal auditors on compliance matters. The establishment of the “Federal Oversight” unit within the Transit Section aims to improve monitoring, consistency, and compliance with federal requirements for all subrecipients.
Program: AL 20.509 – Formula Grants for Rural Areas – Subrecipient Monitoring Grant Number & Year: NE-2021-011-00, Performance End FFY 2024; NE-2022-019-00, Performance End FFY 2024 Federal Grantor Agency: U.S. Department of Transportation Criteria: Per 2 CFR § 1201.1 (January 1, 2023), the U.S. Department of Transportation adopted the Uniform Administrative Requirements, Cost Principles, and Audit Requirements set forth at Title 2 CFR part 200. 2 CFR § 200.332 (January 1, 2023) requires all pass-through entities to do the following: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. . . . Required information includes: (1) Federal award identification. * * * * (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date[.] Good internal control requires procedures to ensure that subrecipients are informed of all required information. Condition: The Agency did not communicate all required information to subrecipients. Repeat Finding: No Questioned Costs: None Statistical Sample: No Context: During the fiscal year, 58 subrecipients received Federal funding. We tested six subrecipients and noted that the Agency did not properly communicate to them the FAIN, the Federal award date, or the subaward period of performance start and end dates. For the six subrecipients tested, the Agency provided a supplemental agreement that identified the availability of new Federal funding; however, the supplemental agreement did not communicate all necessary Federal award information. Subrecipient expenditures totaled $10,974,293 during the fiscal year. Cause: The supplemental agreement sent to all subrecipients did not include the FAIN, the Federal award date, or the subaward period of performance start and end dates. Effect: When subrecipients are not informed of all required information, there is an increased risk for subrecipient noncompliance, including with audit requirements. Recommendation: We recommend the Agency strengthen subrecipient agreements to ensure that subrecipient program agreements include all information required to be communicated. Management Response: NDOT acknowledges all findings and has incorporated Federal Identification details into the updated supplemental agreement template, intending to include all FAIN information in future supplemental agreements.
Program: AL 21.027 – COVID-19 – Coronavirus State and Local Fiscal Recovery Funds – Allowability & Subrecipient Monitoring Grant Number & Year: SLFRP1965, March 3, 2021, through December 31, 2024 Federal Grantor Agency: U.S. Department of the Treasury Criteria: 31 CFR § 35.6(b) (July 1, 2022) states, in relevant part, the following: A recipient may use funds to respond to the public health emergency or its negative economic impacts if the use meets the criteria provided in paragraph (b)(1) of this section or is enumerated in paragraph (b)(3) of this section; provided that, in case of a use of funds for a capital expenditure under paragraph (b)(1) or (b)(3) of this section, the use of funds must also meet the criteria provided in paragraph (b)(4) of this section. Treasury may also articulate additional eligible programs, services, or capital expenditures from time to time that satisfy the eligibility criteria of this paragraph (b), which shall be eligible under this paragraph (b). (1) Identifying eligible responses to the public health emergency or its negative economic impacts. (i) A program, service, or capital expenditure is eligible under this paragraph (b)(1) if a recipient identifies a harm or impact to a beneficiary or class of beneficiaries caused or exacerbated by the public health emergency or its negative economic impacts and the program, service, or capital expenditure responds to such harm. (ii) A program, service, or capital expenditure responds to a harm or impact experienced by an identified beneficiary or class of beneficiaries if it is reasonably designed to benefit the beneficiary or class of beneficiaries that experienced the harm or impact and is related and reasonably proportional to the extent and type of harm or impact experienced. * * * * (3) A recipient may use funds to respond to the public health emergency or its negative economic impacts on a beneficiary or class of beneficiaries for one or more of the following purposes unless such use is grossly disproportionate to the harm caused or exacerbated by the public health emergency or its negative economic impacts: * * * * (ii) Responding to the negative economic impacts of the public health emergency for purposes including: * * * * (C) Assistance to nonprofit organizations including programs, services, or capital expenditures, including loans or grants to mitigate financial hardship such as declines in revenues or increased costs, or technical assistance[.] 31 CFR § 35.6(c) (July 1, 2022) states the following: A recipient may use funds to provide premium pay to eligible workers of the recipient who perform essential work or to provide grants to eligible employers that have eligible workers who perform essential work, provided that any premium pay or grants provided under this paragraph (c) must respond to eligible workers performing essential work during the COVID–19 public health emergency. A recipient uses premium pay or grants provided under this paragraph (c) to respond to eligible workers performing essential work during the COVID–19 public health emergency if: (1) The eligible worker's total wages and remuneration, including the premium pay, is less than or equal to 150 percent of the greater of such eligible worker's residing State's or county's average annual wage for all occupations as defined by the Bureau of Labor Statistics' Occupational Employment and Wage Statistics; (2) The eligible worker is not exempt from the Fair Labor Standards Act overtime provisions (29 U.S.C. 207); or (3) The recipient has submitted to the Secretary a written justification that explains how providing premium pay to the eligible worker is responsive to the eligible worker performing essential work during the COVID–19 public health emergency (such as a description of the eligible workers' duties, health, or financial risks faced due to COVID–19, and why the recipient determined that the premium pay was responsive despite the worker's higher income). 31 CFR § 35.3 (July 1, 2022) defines “premium pay,” in relevant part, as follows: Premium pay means an amount of up to $13 per hour that is paid to an eligible worker, in addition to wages or remuneration the eligible worker otherwise receives, for all work performed by the eligible worker during the COVID–19 public health emergency. Such amount may not exceed $25,000 in total over the period of performance with respect to any single eligible worker. Additionally, the “Final Rule” was released by the U.S. Department of the Treasury on January 6, 2022. The Final Rule, Section II. Eligible Uses, A. Public Health and Negative Economic Impacts, 1. General Provisions: Structure and Standards, a. Standards for Identifying a Public Health or Negative Economic Impact, Standards: Designating a Negative Economic Impact, states the following, in relevant part: (Page 4344) First, there must be a negative economic impact, or an economic harm, experienced by an individual or a class. The recipient should assess whether, and the extent to which, there has been an economic harm, such as loss of earnings or revenue, that resulted from the COVID-19 public health emergency. A recipient should first consider whether an economic harm exists and then whether this harm was caused or made worse by the COVID-19 public health emergency. * * * * Second, the response must be designed to address the identified economic harm or impact resulting from or exacerbated by the public health emergency. In selecting responses, the recipient must assess whether, and the extent to which, the use would respond to or address this harm or impact. * * * * Responses must be reasonably designed to benefit the individual or class that experienced the negative economic impact or harm. Uses of funds should be assessed based on their responsiveness to their intended beneficiary and the ability of the response to address the impact or harm experienced by that beneficiary. Responses must also be related and reasonably proportional to the extent and type of harm experienced. The Final Rule, Section II. Eligible Uses, A. Public Health and Negative Economic Impacts, 3. Negative Economic Impacts, c. Assistance to Nonprofits, states the following, in relevant part: (Page 4380) The interim final rule provided for, and the final rule maintains, the ability for recipients to provide direct assistance to nonprofits that experienced public health or negative economic impacts of the pandemic. Specifically, recipients may provide direct assistance to nonprofits if the nonprofit has experienced a public health or negative economic impact as a result of the pandemic. For example, if a nonprofit organization experienced impacts like decreased revenues or increased costs (e.g., through reduced contributions or uncompensated increases in service need), and a recipient provides funds to address that impact, then it is providing direct assistance to the nonprofit as a beneficiary under Subsection (c)(1) of Sections 602 and 603. Direct assistance may take the form of loans, grants, in-kind assistance, technical assistance, or other services that respond to the negative economic impacts of the COVID–19 public health emergency. The Final Rule, Section II. Eligible Uses, A. Public Health and Negative Economic Impacts, 4. General Provisions: Other, a. Public Sector Capacity and Workforce, states the following, in relevant part: (Page 4386) The final rule allows for an expanded set of eligible uses to restore and support public sector employment. Eligible uses include hiring up to a pre-pandemic baseline that is adjusted for historic underinvestment in the public sector, providing additional funds for employees who experienced pay cuts or were furloughed, avoiding layoffs, providing worker retention incentives, and paying for ancillary administrative costs related to hiring. * * * * The final rule provides two options to restore pre-pandemic employment, depending on recipient’s needs. Under the first and simpler option, recipients may use SLFRF funds to rehire staff for pre-pandemic positions that were unfilled or were eliminated due the pandemic without undergoing further analysis. Under the second option, the final rule provides recipients an option to hire above the pre-pandemic baseline, by adjusting the pre-pandemic baseline for historical growth in public sector employment over time, as well as flexibility on roles for hire. * * * * To pursue the second option, recipients should undergo the analysis provided below. In short, this option allows recipients to pay for payroll and covered benefits associated with the recipient increasing its number of budgeted full-time equivalent employees (FTEs) up to 7.5 percent above its pre-pandemic employment baseline, which adjusts for the continued underinvestment in state and local governments since the Great Recession. * * * * Funds may be used to maintain current compensation levels, with adjustments for inflation, in order to prevent layoffs that would otherwise be necessary. Recipients must be able to substantiate that layoffs were likely in the absence of SLFRF funds and would be substantially due to the public health emergency or its negative economic impacts (e.g., fiscal pressures on state and local budgets) and should document their assessment. * * * * Funds may be used to provide worker retention incentives, which are designed to persuade employees to remain with the employer as compared to other employment options. Recipients must be able to substantiate that the employees were likely to leave employment in the absence of the retention incentive and should document their assessment. * * * * All worker retention incentives must be narrowly tailored to need and should not exceed incentives traditionally offered by the recipient or compensation that alternative employers may offer to compete for the employees. Further, because retention incentives are intended to provide additional incentive to remain with the employer, they must be entirely additive to an employee’s regular rate of wages and other remuneration and may not be used to reduce or substitute for an employee’s normal earnings. Treasury will presume that retention incentives that are less than 25 percent of the rate of base pay for an individual employee or 10 percent for a group or category of employees are reasonably proportional to the need to retain employees, as long as the other requirements are met. The Final Rule, Section II. Eligible Uses, A. Public Health and Negative Economic Impacts, 4. General Provisions: Other, b. Capital Expenditures, Overview of General Standards, states the following, in relevant part: (Page 4391) Large capital expenditures intended for general economic development or to aid the travel, tourism, and hospitality industries—such as convention centers and stadiums—are, on balance, generally not reasonably proportional to addressing the negative economic impacts of the pandemic, as the efficacy of a large capital expenditure intended for general economic development in remedying pandemic harms may be very limited compared to its cost. The Final Rule, Footnote 230, states the following, in relevant part: (Page 4379) Ultimately, recipients must comply with the eligible use requirements and any other applicable laws or requirements and are responsible for the actions of their subrecipients or beneficiaries. Per 2 CFR § 1000.10 (January 1, 2023), “[T]he Department of the Treasury adopts the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, set forth at 2 CFR part 200.” 2 CFR § 200.332 (January 1, 2023) states, in relevant part, the following: All pass-through entities must: * * * * (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. 2 CFR § 200.430(i)(1) (January 1, 2023) states, in relevant part, the following: Charges to Federal awards for salaries and wages must be based on records that accurately reflect the work performed. These records must: * * * * (vii) Support the distribution of the employee's salary or wages among specific activities or cost objectives if the employee works on more than one Federal award; a Federal award and non- Federal award; an indirect cost activity and a direct cost activity; two or more indirect activities which are allocated using different allocation bases; or an unallowable activity and a direct or indirect cost activity. 2 CFR § 200.303 (January 1, 2023) states, in relevant part, the following: The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Per 2 CFR § 200.403 (January 1, 2023), costs must be necessary, reasonable, and adequately documented. Good internal control and sound business practices requires procedures for ensuring that: 1) grants issued to beneficiaries are reasonable and proportional to the harm identified; 2) premium pay is correctly calculated; and 3) all expenditures of funds are for allowable purposes. Condition: The State lacked procedures for ensuring that grants issued to beneficiaries for worker retention and incentives were used for such purposes. The State lacked both procedures and the requisite knowledge to ensure that the premium charged to the grant was allowable. The State lacked procedures to ensure that grants to nonprofits were proportional to the negative economic harm incurred. The State lacked subrecipient monitoring procedures. The State possibly made fraudulent payments under the State’s nursing scholarship program. Repeat Finding: No Questioned Costs: $23,452,594 Known Statistical Sample: No Context: We noted the following: Payments to Developmental Disability Providers, Assisted-Living Facilities, and Nursing Facilities for Employee Retention and Recruitment Nebraska Legislative Bill (LB) 1014 (2022), section 23, appropriated $20,000,000 from the Coronavirus State and Local Fiscal Recovery Funds (CSLFRF) grant to the Department of Health and Human Services (DHHS) for state fiscal year 2023 to be used for Developmental Disability (DD) provider rate increases for the purpose of enhancing employee retention and recruitment at the DD providers. DHHS implemented a 9% rate increase for select DD services in state fiscal year 2023. During the fiscal year, DD claims were paid out using State and Federal funds in accordance with the applicable Federal matching percentage (FMAP). In June 2023, DHHS made a journal entry to transfer $19,995,679 in expenditures from the State and Federal General Funds to the CSLFRF grant in accordance with the FMAP rates. LB 1014, section 27, appropriated $5,462,800 from the CSLFRF grant to DHHS for State fiscal year 2023 to be paid out to assisted-living facilities for the following: 1) “Incentives for staff members employed by the licensed assisted-living facility in order to enhance employee recruitment and retention”; and 2) “Assistance with costs for supplies and equipment purchased by the licensed assisted-living facility.” DHHS paid out $5,068,000 to assisted-living facilities during state fiscal year 2023. LB 1014, section 28, appropriated $20,000,000 from the CSLFRF grant to DHHS for state fiscal year 2023 to be paid out to Medicaid-certified nursing facilities. The funds were to be used to provide supplemental incentive payments for direct care staff members employed at the nursing facilities. DHHS paid out $20,000,000 to nursing facilities during state fiscal year 2023. During a testing of a random sample of 25 CSLFRF payments, we tested seven payments to nursing facilities, totaling $1,304,915. We asked for documentation of how DHHS ensured that the payments were used for allowable employee retention and recruitment programs, and for any documented assessments that were required by the Final Rule for worker incentive programs. According to DHHS, the funds were paid out in accordance with the requirements of LB 1014; however, DHHS acknowledged lacking procedures to ensure that the beneficiaries were using the funds for eligible recruitment and retention purposes. Additionally, DHHS failed to provide the required documented assessments per the Final Rule. Given the lack of procedures to support that funds were being used for allowable purposes, all seven payments of the $1,304,915 tested are considered questioned costs. Additionally, the entire $20,000,000 paid out during the fiscal year are considered potential dollars at risk. Additionally, we tested one $110,400 payment to an assisted-living facility under LB 1014, Section 27. Similar to the nursing facility payments tested, DHHS lacked procedures for ensuring that the assisted-living facilities were using the funds for eligible recruitment and retention purposes. Therefore, the $110,400 payment tested is considered a questioned cost. Lastly, we tested the journal entries transferring $19,995,679 in expenditures to the CSLFRF grant for DD provider rate increases. Again, DHHS lacked procedures for ensuring that the DD providers were using the funds for eligible recruitment and retention purposes. Therefore, the journal entries tested for $19,995,679 are considered questioned costs. We also noted that, due to an oversight error, one nursing facility that had certified Medicaid beds did not receive its proportional allocation of $43,138. Instead, that amount was split among the other nursing facilities that received payments. Premium Pay LB 1014, section 12, appropriated $3,546,602 to the Department of Veterans’ Affairs (DVA) from the CSLFRF grant to be used for premium pay. In September 2022, the DVA posted journal entries to move payroll costs of $3,546,602 to the CSLFRF grant. However, we noted that the DVA did not review the premium pay eligibility requirements, which resulted in the following errors: • The DVA moved $357,039 of payroll costs associated with individuals who had earnings of more than 150% of the applicable average wage for all occupations and were not exempt from the Fair Labor Standards Act overtime provisions, which is not allowable. • $145,205 of the payroll costs moved were for premium pay that exceeded $25,000 per person, which is not allowable. • The DVA moved payroll costs that were not for premium pay and were not in addition to wages the workers were already receiving. From a detail test of 25 employees, $371,683 out of $585,901 of payroll costs were not related to premium pay. After the errors noted above were communicated to the DVA, the DVA recalculated the amount to charge the CSLFRF grant for premium pay, and the DVA calculated that only $1,518,092 should have been charged to the CSLFRF grant. We verified that, for the 25 employees previously tested, the DVA’s revised calculation agreed to our calculation. We verified also that the DVA’s revised calculation excluded individuals whose wages exceeded 150% of the applicable average wage for all occupations, and premium pay was capped at $25,000 for each employee. Therefore, the $2,028,510 difference between the $3,546,602 charged to the grant and the revised calculation of $1,518,092 is considered a questioned cost. Assistance to Nonprofits LB 1014, section 46, appropriated $100,000,000 to the Department of Economic Development (DED) from the CSLFRF grant to be used to provide grants to qualified nonprofit organizations to assist with capital projects that have been delayed due to COVID-19. In order to receive a grant, a nonprofit had to submit a grant application attesting to have experienced negative economic harm due to the public health emergency. During our testing, we noted that DED did not require nonprofits to submit documentation to substantiate having experienced a negative economic impact due to the pandemic that was equivalent or reasonably proportional to the grant award. We also noted that, for two of the nonprofit payments selected for testing, the two nonprofits received grant awards of $12,664,600 each to be used solely for the purpose of construction and development of sports complexes for competitive sports and economic growth. Per the CSLFRF Final Rule, large capital projects intended for general economic growth are not generally proportional responses to negative harm. Therefore, if the nonprofits had not suffered an economic harm due to COVID-19, these projects would otherwise not be an eligible use of CSLFRF funds. We gave DED the opportunity to obtain documentation from the nonprofits to support that they experienced a negative economic impact proportional to the amount awarded. In all instances, DED was able to obtain documentation substantiating the negative economic harm in excess of the grant amounts awarded. University of Nebraska The University of Nebraska (University) was awarded $86,650,000 in a subaward to be used for a number of projects, including increasing the capacity of behavioral health care and rural health care. To monitor this subaward, the Military Department (Military) received and reviewed reports from the University and would have monthly meetings to discuss updates and whether deadlines were being met. Military stated that, beyond these monthly meetings, there were no planned procedures for reviewing any expenditures to ensure they were for allowable purposes and met the requirements of the Uniform Guidance, which is set out under 2 CFR Part 200 to establish uniform administrative requirements, cost principles, and audit requirements for Federal awards to non-Federal entities. We selected one CSLFRF expenditure recorded by the University. The payment was for $116,670 and made to a subrecipient of the University. The subrecipient was a behavioral health provider and was used to increase telehealth capacity. During review of supporting documentation, we noted that adequate documentation was not on file to support the salary and fringe benefits charged to the CSLFRF grant for the two subrecipient employees tested. The employees’ salary and fringe benefits had been allocated to the CSLFRF grant based on historical data and “prior experience with similar programs.” As noted in 2 CFR § 200.430(h)(8)(viii), however, “Budget estimates (i.e., estimates determined before the services are performed) alone do not qualify as support for charges to Federal awards . . . .” Consequently, we consider the $8,090 in salary and benefits charged for the two employees to be questioned costs. The total salary and fringe benefits reimbursed on the payment tested amounted to $29,277. Nursing Scholarships During testing procedures, DHHS reported to us $5,000 in payments that were made due to fraudulent nursing scholarship applications submitted to, and accepted by, DHHS. Per DHHS’s subsequent review, the applicant fraudulently claimed on her application that she was enrolled in a nursing program during the spring and summer 2023 terms. DHHS has reported this to the U.S. Department of the Treasury. These $5,000 payments are considered questioned costs. Cause: The State had inadequate procedures to ensure that the grant was used for allowable purposes, and staff had inadequate knowledge of the requirements of the CSLFRF. Effect: Without adequate supporting documentation and review procedures, there is an increased risk that Federal awards could be used for unallowable costs. Recommendation: We recommend the State strengthen procedures for ensuring that all Federal funds are used for intended and allowable purposes. We further recommend that the State take steps to recoup any payments for which either the beneficiary cannot support the proper use of the grant funds received or to the economic harm experienced. Management Response: Payments to Developmental Disability Providers, Assisted-Living Facilities, and Nursing Facilities for Employee Retention and Recruitment: Department of Health and Human Services (DHHS) disagrees with questioned costs of $21,410,994 ($1,304,915 Nursing Facilities, $110,400 Assisted Living Facilities, $19,995,679 Developmental Disabilities Providers). Payments made to Developmental Disability Providers, Assisted-Living Facilities, and Nursing Facilities followed federal regulations and were accurately distributed as directed by the legislature and signed legislation, LB1014. Payments to each facility were based on approved amounts in the legislative bill. In addition, DHHS properly passed requirements and regulatory information on to the providers. DHHS issued the following guidance document (as required by the legislation as well) https://dhhs.ne.gov/Grants%20and%20Contract%20Opportunity%20Docs/LB1014%20Guidance%20Document_DHHS%20DL%206-13-22.pdf#search=LB1014. If DHHS becomes aware of known unallowable activities, we will recoup applicable funds. Premium Pay: As noted in the Auditors Comments, NDVA made the necessary corrections to their workbooks to comply with these guidelines. However, the amounts reflected in the Auditors comments were only for eligible expenses through September of 2022 and did not take into consideration the entire Fiscal Year 2023. NDVA’s eligible expenses as of June 30, 2023, were $3,695,625, which exceeded the $3,546,602 appropriated in LB 1014 by approximately $148,460. Assistance to Nonprofits: DED acknowledges that with respect to its American Rescue Plan Act Shovel-Ready program in some cases it did not collect sufficient documentation to show the nonprofit organization suffered an economic harm related to and reasonably proportionate to DED’s award. University of Nebraska: NEMA continues to monitor the University of Nebraska (University) subaward through the review of reports and monthly progress meetings. APA Response: Per the CSLFRF final rule, the recipient, which is the State, must comply with the eligible use requirements and is ultimately responsible for the actions of its beneficiaries. No documentation was provided to support that the funds granted to Developmental Disability Providers, Assisted-Living Facilities, and Nursing Facilities were spent on allowable retention and recruitment efforts or that any applicable pre-analysis required by the CSLFRF final rule was completed. The journal entry prepared by NDVA was done in September 2022. It covers the premium pay given in November 2021 to June 2022. We were not provided a spreadsheet with updated calculations, nor did the Agency make any adjustments in the accounting system to show this as an offset of fiscal year 2023 expenses.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.