2023-097: Perform Responsibilities Outlined in the Agency Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-011; 2021-070; 2020-074; 2019-090; 2018-093 Type of Finding: Internal Control and Compliance Severity of Deficiency: Material Weakness Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.303(a); 2 CFR § 200.332 Known Questioned Costs: $0 Social Services’ Compliance Division (Compliance) continues to not adhere to its established approach to oversee the agency’s subrecipient monitoring activities, as outlined in its Agency Monitoring Plan. According to Social Services’ Organizational Structure Report, Compliance is responsible for agency-wide compliance and risk mitigation that helps to ensure adherence to state and federal legal and regulatory standards, including subrecipient monitoring. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds through roughly 5,400 subawards from 35 federal grant programs. During the audit, we noted the following deviations from the Agency Monitoring Plan: While Compliance has updated and finalized the Agency Monitoring Plan, it has not communicated it to Subrecipient Monitoring Coordinators in divisions with subrecipient monitoring responsibilities. Because of the lack of communication, there were deviations from the Agency Monitoring Plan at the division level. For example, the Agency Monitoring Plan requires each division to monitor subrecipients once every three years. However, the Local Review Team did not consider this requirement because Compliance did not communicate the Agency Monitoring Plan to Subrecipient Monitoring Coordinators. The Local Review Team did, however, implement a risk-based approach to monitoring subrecipients as required by the Agency Monitoring Plan. Compliance continues to not review division monitoring plans to ensure the divisions implement a risk-based approach for monitoring subrecipients. The Agency Monitoring Plan states that Compliance will use a Monitoring Plan Checklist to evaluate and determine if all the required elements for subrecipient monitoring are present in each division’s plan. Because of the lack of review, the Division of Benefit Programs’ (Benefit Programs) fiscal year 2023 monitoring plan did not meet all the requirements outlined in the Agency Monitoring Plan because it did not include a risk-based approach for subrecipient monitoring and did not consider all subrecipients who receive funding from the Temporary Assistance for Needy Families (TANF) federal grant program. Additionally, while the Office of New Americans has adequate subrecipient monitoring processes, it does not have a written monitoring plan as required by the Agency Monitoring Plan. Compliance continues to not analyze each division’s subrecipient monitoring activities. As a result, Compliance has not produced quarterly reports of variances and noncompliance to brief Social Services’ Executive Team on the agency’s subrecipient monitoring activities. Because of Compliance’s lack of analysis and communication, the Executive Team was unaware of the deviations noted above. Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Without performing the responsibilities in the Agency Monitoring Plan, Social Services cannot provide reasonable assurance that the agency has complied with pass-through entity federal requirements at 2 CFR § 200.332. Because of the scope of this matter and the magnitude of Social Services’ subrecipient monitoring responsibilities, we consider these weaknesses collectively to create a material weakness in internal control over compliance. Since the prior audit, Compliance and Social Services’ Executive Team have worked together to discuss solutions to address this audit finding. Social Services is considering procuring a grants management system and Compliance has worked with the agency’s Division of Information Technology to determine whether it can utilize this system to fulfil its subrecipient monitoring responsibilities. Compliance has also discussed the need for additional staff to assist with subrecipient monitoring oversight with the Executive Team. However, Compliance has not implemented these corrective actions as of the end of fiscal year 2023 because of the level of effort and considerations involved with these corrective actions. Therefore, Compliance should continue to work with the Executive Team to make sure that it has the appropriate level of resources to fulfil its responsibilities in the Agency Monitoring Plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-097: Perform Responsibilities Outlined in the Agency Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-011; 2021-070; 2020-074; 2019-090; 2018-093 Type of Finding: Internal Control and Compliance Severity of Deficiency: Material Weakness Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.303(a); 2 CFR § 200.332 Known Questioned Costs: $0 Social Services’ Compliance Division (Compliance) continues to not adhere to its established approach to oversee the agency’s subrecipient monitoring activities, as outlined in its Agency Monitoring Plan. According to Social Services’ Organizational Structure Report, Compliance is responsible for agency-wide compliance and risk mitigation that helps to ensure adherence to state and federal legal and regulatory standards, including subrecipient monitoring. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds through roughly 5,400 subawards from 35 federal grant programs. During the audit, we noted the following deviations from the Agency Monitoring Plan: While Compliance has updated and finalized the Agency Monitoring Plan, it has not communicated it to Subrecipient Monitoring Coordinators in divisions with subrecipient monitoring responsibilities. Because of the lack of communication, there were deviations from the Agency Monitoring Plan at the division level. For example, the Agency Monitoring Plan requires each division to monitor subrecipients once every three years. However, the Local Review Team did not consider this requirement because Compliance did not communicate the Agency Monitoring Plan to Subrecipient Monitoring Coordinators. The Local Review Team did, however, implement a risk-based approach to monitoring subrecipients as required by the Agency Monitoring Plan. Compliance continues to not review division monitoring plans to ensure the divisions implement a risk-based approach for monitoring subrecipients. The Agency Monitoring Plan states that Compliance will use a Monitoring Plan Checklist to evaluate and determine if all the required elements for subrecipient monitoring are present in each division’s plan. Because of the lack of review, the Division of Benefit Programs’ (Benefit Programs) fiscal year 2023 monitoring plan did not meet all the requirements outlined in the Agency Monitoring Plan because it did not include a risk-based approach for subrecipient monitoring and did not consider all subrecipients who receive funding from the Temporary Assistance for Needy Families (TANF) federal grant program. Additionally, while the Office of New Americans has adequate subrecipient monitoring processes, it does not have a written monitoring plan as required by the Agency Monitoring Plan. Compliance continues to not analyze each division’s subrecipient monitoring activities. As a result, Compliance has not produced quarterly reports of variances and noncompliance to brief Social Services’ Executive Team on the agency’s subrecipient monitoring activities. Because of Compliance’s lack of analysis and communication, the Executive Team was unaware of the deviations noted above. Title 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Without performing the responsibilities in the Agency Monitoring Plan, Social Services cannot provide reasonable assurance that the agency has complied with pass-through entity federal requirements at 2 CFR § 200.332. Because of the scope of this matter and the magnitude of Social Services’ subrecipient monitoring responsibilities, we consider these weaknesses collectively to create a material weakness in internal control over compliance. Since the prior audit, Compliance and Social Services’ Executive Team have worked together to discuss solutions to address this audit finding. Social Services is considering procuring a grants management system and Compliance has worked with the agency’s Division of Information Technology to determine whether it can utilize this system to fulfil its subrecipient monitoring responsibilities. Compliance has also discussed the need for additional staff to assist with subrecipient monitoring oversight with the Executive Team. However, Compliance has not implemented these corrective actions as of the end of fiscal year 2023 because of the level of effort and considerations involved with these corrective actions. Therefore, Compliance should continue to work with the Executive Team to make sure that it has the appropriate level of resources to fulfil its responsibilities in the Agency Monitoring Plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-098: Review Non-Locality Subrecipient Single Audit Reports Applicable to: Department of Social Services Prior Year Finding Number: 2022-013; 2021-072; 2020-075; 2019-091; 2018-092 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Crime Victim Assistance - 16.575; Temporary Assistance for Needy Families (TANF) - 93.558; Refugee and Entrant Assistance State/Replacement Designee Administered Programs - 93.566 Federal Award Number and Year: 2301VATANF; 2019-V2-GX-0054; 2020-V2-GX-0048; 15POVC-21-GG-00602-ASSI; 2301VARSSS; 2301VARCMA - 2023 Name of Federal Agency: U.S. Department of Health and Human Services; U.S. Department of Justice Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d)(3); 2 CFR § 200.332(f) Known Questioned Costs: $0 Compliance continues to not review non-locality subrecipient Single Audit reports as established within the Agency Monitoring Plan. Non-locality subrecipients are subrecipients who are not local governments and are mainly comprised of non-profit organizations. During fiscal year 2023, Social Services disbursed approximately $87 million in federal funds to roughly 205 non-locality subrecipients. While reviewing the audit reports for the 26 non-locality subrecipients that received more than $750,000 in federal funds from Social Services, we noted the following: Seven non-locality subrecipients (27%) did not have a Single Audit report available in the Federal Audit Clearinghouse (Clearinghouse) for the most recent audit period. Social Services disbursed approximately $10 million in federal funds to these entities during fiscal year 2023. A non-locality subrecipient (4%) had audit findings that affected one of Social Services’ federal grant programs. As a result of the lack of review over the non-locality subrecipient’s Single Audit report, Social Services did not issue a management decision within six months of acceptance of the audit report by the Clearinghouse. According to 2 CFR § 200.332(f), all pass-through entities must verify their subrecipients are audited if it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Additionally, 2 CFR § 200.332(d)(3) requires pass-through entities to issue a management decision within six months of acceptance of the audit report by the Clearinghouse. A management decision is Social Services’ written determination, provided to its subrecipient, of the adequacy of the subrecipient’s proposed corrective actions to address the audit findings, based on Social Services’ evaluation of the audit findings and proposed corrective actions. Without verifying whether non-locality subrecipients received a Single Audit, Compliance is unable to provide assurance that Social Services is meeting the audit requirements set forth in 2 CFR § 200.332(d)(3) and (f). Additionally, Compliance cannot provide Social Services with assurance that its subrecipient monitoring efforts are adequate without reviewing non-locality Single Audit reports. In its corrective action plan as of the end of fiscal year 2023, Compliance indicated that it has worked with Social Services’ Executive Team to put forth a budget request to procure a grants management system to assist with its subrecipient monitoring efforts. Additionally, Compliance is considering implementing a manual system where it will review non-locality Single Audit reports until it implements a permanent solution. However, Compliance was unable to procure a grants management system to support its subrecipient monitoring efforts during the fiscal year and it did not implement a manual system to comply with the requirements in 2 CFR § 200.332(d)(3) and (f) because of a lack of available resources. Compliance should continue to work with Social Services’ Executive Team to determine which solution(s) would be the most beneficial to the organization to comply with these federal requirements. Additionally, Compliance should consider using the query functionalities in the Clearinghouse to determine whether any of its non-locality subrecipients have audit findings that warrant a management decision. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-099: Communicate Responsibilities to Subrecipient Monitoring Coordinators Applicable to: Department of Social Services Prior Year Finding Number: 2022-012; 2021-069; 2020-076 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Compliance has not communicated responsibilities to subrecipient monitoring coordinators, as required by the Agency Monitoring Plan. Compliance’s Agency Monitoring Plan serves as a guide in the development, implementation, and coordination of division monitoring plans and aims to address accountability and provide consistency in monitoring activities across all Social Services’ divisions and offices. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds from roughly 5,400 subawards. Title 2 CFR § 200.332(d) requires pass-through entities to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Since the prior audit, Compliance has updated and finalized the Agency Monitoring Plan but has been unable to communicate it to the subrecipient monitoring coordinators because of a lack of available resources. Without communicating responsibilities to subrecipient monitoring coordinators, Compliance cannot provide assurance that Social Services adequately monitors all its subrecipients to ensure they are achieving program objectives or complying with federal requirements. Compliance should continue to work with Social Services’ Executive Team to obtain the appropriate resources so that it can communicate responsibilities to subrecipient monitoring coordinators. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-099: Communicate Responsibilities to Subrecipient Monitoring Coordinators Applicable to: Department of Social Services Prior Year Finding Number: 2022-012; 2021-069; 2020-076 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Compliance has not communicated responsibilities to subrecipient monitoring coordinators, as required by the Agency Monitoring Plan. Compliance’s Agency Monitoring Plan serves as a guide in the development, implementation, and coordination of division monitoring plans and aims to address accountability and provide consistency in monitoring activities across all Social Services’ divisions and offices. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds from roughly 5,400 subawards. Title 2 CFR § 200.332(d) requires pass-through entities to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Since the prior audit, Compliance has updated and finalized the Agency Monitoring Plan but has been unable to communicate it to the subrecipient monitoring coordinators because of a lack of available resources. Without communicating responsibilities to subrecipient monitoring coordinators, Compliance cannot provide assurance that Social Services adequately monitors all its subrecipients to ensure they are achieving program objectives or complying with federal requirements. Compliance should continue to work with Social Services’ Executive Team to obtain the appropriate resources so that it can communicate responsibilities to subrecipient monitoring coordinators. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-099: Communicate Responsibilities to Subrecipient Monitoring Coordinators Applicable to: Department of Social Services Prior Year Finding Number: 2022-012; 2021-069; 2020-076 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5MAP - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Compliance has not communicated responsibilities to subrecipient monitoring coordinators, as required by the Agency Monitoring Plan. Compliance’s Agency Monitoring Plan serves as a guide in the development, implementation, and coordination of division monitoring plans and aims to address accountability and provide consistency in monitoring activities across all Social Services’ divisions and offices. During fiscal year 2023, Social Services disbursed approximately $619 million in federal funds from roughly 5,400 subawards. Title 2 CFR § 200.332(d) requires pass-through entities to monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR § 200.303(a) requires pass-through entities to establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Since the prior audit, Compliance has updated and finalized the Agency Monitoring Plan but has been unable to communicate it to the subrecipient monitoring coordinators because of a lack of available resources. Without communicating responsibilities to subrecipient monitoring coordinators, Compliance cannot provide assurance that Social Services adequately monitors all its subrecipients to ensure they are achieving program objectives or complying with federal requirements. Compliance should continue to work with Social Services’ Executive Team to obtain the appropriate resources so that it can communicate responsibilities to subrecipient monitoring coordinators. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-100: Evaluate Subrecipients' Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 2305VA5ADM; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not evaluate subrecipients’ risk of noncompliance with federal regulations related to the administration of the TANF federal grant program and the Medicaid Cluster during fiscal year 2023. Benefit Programs only considered the size of the subrecipient when determining the extent of monitoring necessary. Social Services disbursed approximately $178 million to roughly 270 subrecipients from these federal programs during the period under review. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Further, 2 CFR § 200.332(b) suggests that pass-through entities should consider the results of previous audits, the subrecipient’s prior experience with the same or similar subawards, and whether the subrecipient has new personnel or new or substantially changed systems. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipient as necessary to ensure that the pass-through entity used the subaward for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward. As part of its corrective action, Benefit Programs created a new monitoring plan in April 2023 that includes a risk assessment tool that conforms with federal regulations. However, Benefit Programs did not place the new risk assessment tool into operation until after fiscal year 2023 because of the communication and training that needed to occur on the new monitoring plan. Benefit Programs should continue its corrective action efforts and confirm that program consultants are completing the risk assessment tool properly. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-101: Verify that Monitoring Plan Includes All Subrecipient Programmatic Activities Applicable to: Department of Social Services Prior Year Finding Number: 2022-015 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558 Federal Award Number and Year: 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b); 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs fiscal year 2023 monitoring plan did not include all subrecipient programmatic activities for the TANF federal grant program. Benefit Programs’ primary programmatic activity for the TANF federal grant program is eligibility determination functions performed by local agencies. However, Benefit Programs also awards various competitive grants to local governments and non-profit organizations to help TANF recipients become self-sufficient. According to 2 CFR § 200.322(b) all pass-through entities are required to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure it uses the subaward for authorized purposes, which comply with federal statutes, regulations, and the terms and conditions of the subaward; and that the subrecipient achieves subaward performance goals. Without including all programmatic activities in the monitoring plan, Benefit Programs cannot provide assurance that subrecipients used TANF federal grant funds for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. In response to the prior year’s audit recommendation, Benefit Programs’ management analyzed all its programmatic activities and verified that they were incorporated into its fiscal year 2024 monitoring plan. As part of its corrective action, Benefit Programs’ management mandated that home office staff monitor subrecipients receiving TANF competitive grants once every three years and complete risk assessment procedures in other years to verify that there have not been any changes in the subrecipient’s risk profile. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that it includes all programmatic activities within its monitoring plan and that it conducts monitoring activities in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-101: Verify that Monitoring Plan Includes All Subrecipient Programmatic Activities Applicable to: Department of Social Services Prior Year Finding Number: 2022-015 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558 Federal Award Number and Year: 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b); 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs fiscal year 2023 monitoring plan did not include all subrecipient programmatic activities for the TANF federal grant program. Benefit Programs’ primary programmatic activity for the TANF federal grant program is eligibility determination functions performed by local agencies. However, Benefit Programs also awards various competitive grants to local governments and non-profit organizations to help TANF recipients become self-sufficient. According to 2 CFR § 200.322(b) all pass-through entities are required to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure it uses the subaward for authorized purposes, which comply with federal statutes, regulations, and the terms and conditions of the subaward; and that the subrecipient achieves subaward performance goals. Without including all programmatic activities in the monitoring plan, Benefit Programs cannot provide assurance that subrecipients used TANF federal grant funds for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. In response to the prior year’s audit recommendation, Benefit Programs’ management analyzed all its programmatic activities and verified that they were incorporated into its fiscal year 2024 monitoring plan. As part of its corrective action, Benefit Programs’ management mandated that home office staff monitor subrecipients receiving TANF competitive grants once every three years and complete risk assessment procedures in other years to verify that there have not been any changes in the subrecipient’s risk profile. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that it includes all programmatic activities within its monitoring plan and that it conducts monitoring activities in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-101: Verify that Monitoring Plan Includes All Subrecipient Programmatic Activities Applicable to: Department of Social Services Prior Year Finding Number: 2022-015 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558 Federal Award Number and Year: 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b); 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs fiscal year 2023 monitoring plan did not include all subrecipient programmatic activities for the TANF federal grant program. Benefit Programs’ primary programmatic activity for the TANF federal grant program is eligibility determination functions performed by local agencies. However, Benefit Programs also awards various competitive grants to local governments and non-profit organizations to help TANF recipients become self-sufficient. According to 2 CFR § 200.322(b) all pass-through entities are required to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Additionally, 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure it uses the subaward for authorized purposes, which comply with federal statutes, regulations, and the terms and conditions of the subaward; and that the subrecipient achieves subaward performance goals. Without including all programmatic activities in the monitoring plan, Benefit Programs cannot provide assurance that subrecipients used TANF federal grant funds for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. In response to the prior year’s audit recommendation, Benefit Programs’ management analyzed all its programmatic activities and verified that they were incorporated into its fiscal year 2024 monitoring plan. As part of its corrective action, Benefit Programs’ management mandated that home office staff monitor subrecipients receiving TANF competitive grants once every three years and complete risk assessment procedures in other years to verify that there have not been any changes in the subrecipient’s risk profile. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that it includes all programmatic activities within its monitoring plan and that it conducts monitoring activities in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
2023-102: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Temporary Assistance for Needy Families (TANF) - 93.558; Medicaid Cluster - 93.775, 93.777, 93.778 Federal Award Number and Year: 305VA5MAP; 2301VATANF - 2023 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not oversee subrecipient monitoring activities to ensure they were conducted in accordance with its monitoring plan. During fiscal year 2023, Benefit Programs disbursed approximately $173 million in subaward payments from the TANF federal grant program and Medicaid Cluster. During the audit, we noted the following deviations from Benefit Programs’ monitoring plan: Benefit Programs created a monitoring plan for fiscal year 2023 to comply with Compliance’s Plan. Regional consultants, who perform subrecipient monitoring activities, created their own subrecipient monitoring schedules that were not consistent with Benefit Programs’ monitoring plan. As a result, Benefit Programs only completed 35 of the 63 (56%) scheduled reviews for the TANF federal grant program and Medicaid Cluster. Regional consultants completed 28 additional reviews which Benefit Program did not originally included in its monitoring plan. Benefit Programs did not confirm that fiscal year 2023 monitoring review records uploaded to its data repository were complete. Some of the missing records included the agency notification letter, case selection sample, and subrecipient monitoring checklist. Title 2 CFR § 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that it uses the subaward authorized purposes, which are in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that monitoring activities are conducted in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with the provisions at 2 CFR § 200.332(d). In response to the prior year’s audit recommendation, Benefit Programs created a new monitoring plan in April 2023 to address the deficiencies noted above. As part of its corrective action, Benefit Programs’ subrecipient monitoring coordinator will be responsible for tracking regional consultants’ monitoring activities, verifying that all relevant monitoring documents are uploaded to its data repository, creating desk tools for regional consultants, and providing training on the new monitoring plan. Benefit Programs was unable to fully implement corrective action in fiscal year 2023 because of the efforts involved with creating and implementing a new monitoring plan and dedicating the resources to provide proper oversight. Benefit Programs should continue its corrective action efforts to confirm that monitoring activities are conducted in accordance with the monitoring plan. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
FINDING 2023-002 Subject: COVID-19 - Education Stabilization Fund - Subrecipient Monitoring Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425U Federal Award Number and Year (or Other Identifying Number): S425U210013 Compliance Requirement: Subrecipient Monitoring Audit Findings: Material Weakness, Modified Opinion Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, material noncompliance related to the COVID-19 - Education Stabilization Fund (ESF) funds passed through to subrecipients. The School Corporation received and passed through to subrecipients $420,500 of ESF funds. The School Corporation is to clearly identify the award and applicable requirements to the subrecipients, evaluate the risk of noncompliance related to the subrecipients to determine appropriate monitoring of the subaward, and monitor the activities of the subrecipients to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. The School Corporation did not enter into an agreement with the subrecipients. As such there is no agreement between the School Corporation and the subrecipients that clearly identifies the award as a subaward or includes all the required data elements. In addition, the School Corporation did not have any policies or procedures in place to evaluate the subrecipients' risk of noncompliance or to monitor the activity of the subrecipients. Per inquiry of the School Corporation, it was determined an evaluation of the risk of noncompliance for the subrecipients was not completed, nor did the subrecipients' files support any such evaluation. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.332 states: "All pass-through entities must: INDIANA STATE BOARD OF ACCOUNTS 18 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and include the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward notification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification. (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the passthrough entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; INDIANA STATE BOARD OF ACCOUNTS 19 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (3) Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; (4) (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the pass-through entity must determine the appropriate rate in collaboration with the subrecipient, which is either: (A) The negotiated indirect cost rate between the pass-through entity and the subrecipient; which can be based on a prior negotiated rate between a different PTE and the same subrecipient. If basing the rate on a previously negotiated rate, the passthrough entity is not required to collect information justifying this rate, but may elect to do so; (B) The de minimis indirect cost rate. (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. Subrecipients can elect to use the cost allocation method to account for indirect costs in accordance with § 200.405(d). (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and (6) Appropriate terms and conditions concerning closeout of the subaward. . . . (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. INDIANA STATE BOARD OF ACCOUNTS 20 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on programrelated matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in § 200.425. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. INDIANA STATE BOARD OF ACCOUNTS 21 WEST LAFAYETTE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (h) Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations." Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, the School Corporation did not properly evaluate the subrecipients risk of noncompliance or adequately monitor the subrecipients. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls, including segregation of duties, to evaluate the subrecipients risk of noncompliance and adequately monitor the subrecipients. Additionally, policies and procedures should be implemented to ensure appropriate reviews, approvals, and oversight are taking place, as needed, to evaluate and monitor its subrecipients. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
2023-006 – Subrecipient Monitoring Federal Program: Refugee and Entrant Assistance Program Federal Agency: U.S. Department of Health and Human Services Assistance Listing Number: 93.566 Repeat of Prior Finding: No Type of Finding: Noncompliance and Material Weakness in Internal Controls Over Compliance Criteria According to 2 CFR § 200.331, a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. If determined to be a subrecipient, the entity must adhere to the provisions in 2 CFR § 200.332 which require passthrough entities to perform certain subrecipient monitoring procedures. These procedures include providing the subrecipient necessary award information so that the federal award is used in accordance with federal regulations, evaluating risks of noncompliance of subrecipients, implementing monitoring procedures based upon identified risks, and, if applicable, obtaining a copy of the subrecipients’ annual audit, and taking appropriate action on deficiencies detected through the audits, as well as other requirements. Additionally, the nonfederal entity must establish and maintain effective internal controls over the federal award to provide reasonable assurance that the non-federal entity is managing the award in compliance with federal regulations. Further, according to 2 CFR § 200.331(a), specific information must be explicitly included in agreements with subrecipients that includes but is not limited to providing the Assistance Listing number, whether funding is COVID related, and that the subrecipient is responsible for compliance with 2 CFR § 200 including Subpart F, if applicable. Condition and Context The Organization did not have written policies and procedures in place to ensure that subrecipients are monitored and managed in accordance with Uniform Guidance 2 CFR § 200.332. The Organization did not have procedures in place to properly identify the party receiving funds from the Organization as a subrecipient and therefore assumed that the recipient was a subcontractor. As the proper determination was not made, there were no written agreements between the Organization and the subrecipients. Cause The Organization was unaware of these requirements and determined the receiver of the funds to be a subcontractor. Accordingly, there was no monitoring performed by the Organization over the subrecipient. Effect or Potential Effect Without a proper written grant agreement, subrecipients may be unaware that their award is subject to federal compliance requirements. The Organization could award federal funds to a high-risk entity and fail to adjust the methods of monitoring accordingly. Questioned Costs None noted. Recommendations We recommend that the Organization establish a written policy to monitor subrecipients and develop procedures for determining if the party receiving the funds is considered to be a subrecipient or a contractor. Further, we recommend maintaining a template to be in compliance with applicable regulations, ensuring that the subrecipient is aware of their responsibilities to adhere to federal regulations. Views of Responsible Officials and Planned Corrective Actions Management agrees with the finding and recommendations. See the attached corrective action plan
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2301CAFOST and 2023, 2201CAFOST and 2022 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Instance of Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: • 2 CFR Part 200.332(a), Requirements for Pass-Through Entities, states that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information as well as all the requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations, and the terms and conditions of the award. • 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). • 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). • 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 22/23-91 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management). Condition: The Social Services Agency (SSA) did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring or for subrecipient monitoring for the Foster Care program. Additionally, the following information was not provided at the time of the subaward for ten (10) of fourteen (14) subawards selected for testing from the SSA’s for the Foster Care program: • Subrecipient’s unique entity identifier • Federal award identification number • Federal award date of award to recipient by the Federal agency • Subaward period of performance • Amount of federal funds obligated to the subrecipient • Amount of federal funds committed to the subrecipient • Federal award project description • Name of federal awarding agency • CFDA/Assistance Listing number • Identification of whether the award is research and development • Indirect cost rate During our testing, we noted for four (4) of fourteen (14) subrecipients selected, SSA did not have documentation that the SAM clearance was performed prior to entering the contract with the subrecipient. The County’s policy was to verify the subrecipient was not suspended or debarred prior to entering the contract, but the County did not retain evidence of this check prior to entering the contract. Cause: The SSA’s procedures did not consistently ensure that the required award information and applicable requires were communicated to the subrecipients. The SSA did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the SSA did not maintain documentation of their verification that every subrecipient is audited, as required. Additionally, the SSA department did not follow their policy to retain documentation of the verification of the information prior to entering the contract. Effect: The County’s control policies were not consistently followed which require compliance with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Additionally, the County’s control policies were not consistently followed, which required documentation of the verification prior to entering the contract. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of fourteen (14) out of seventy (70) subrecipients were sampled, which included seven (7) FFA, and seven (7) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2022-002,2022-005 and 2022-006. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. We recommend that the County adhere to their procedures requiring documentation of the SAM clearance prior to entering the contract. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2301CAFOST and 2023, 2201CAFOST and 2022 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Instance of Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: • 2 CFR Part 200.332(a), Requirements for Pass-Through Entities, states that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information as well as all the requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations, and the terms and conditions of the award. • 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). • 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). • 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 22/23-91 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management). Condition: The Social Services Agency (SSA) did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring or for subrecipient monitoring for the Foster Care program. Additionally, the following information was not provided at the time of the subaward for ten (10) of fourteen (14) subawards selected for testing from the SSA’s for the Foster Care program: • Subrecipient’s unique entity identifier • Federal award identification number • Federal award date of award to recipient by the Federal agency • Subaward period of performance • Amount of federal funds obligated to the subrecipient • Amount of federal funds committed to the subrecipient • Federal award project description • Name of federal awarding agency • CFDA/Assistance Listing number • Identification of whether the award is research and development • Indirect cost rate During our testing, we noted for four (4) of fourteen (14) subrecipients selected, SSA did not have documentation that the SAM clearance was performed prior to entering the contract with the subrecipient. The County’s policy was to verify the subrecipient was not suspended or debarred prior to entering the contract, but the County did not retain evidence of this check prior to entering the contract. Cause: The SSA’s procedures did not consistently ensure that the required award information and applicable requires were communicated to the subrecipients. The SSA did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the SSA did not maintain documentation of their verification that every subrecipient is audited, as required. Additionally, the SSA department did not follow their policy to retain documentation of the verification of the information prior to entering the contract. Effect: The County’s control policies were not consistently followed which require compliance with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Additionally, the County’s control policies were not consistently followed, which required documentation of the verification prior to entering the contract. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of fourteen (14) out of seventy (70) subrecipients were sampled, which included seven (7) FFA, and seven (7) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2022-002,2022-005 and 2022-006. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. We recommend that the County adhere to their procedures requiring documentation of the SAM clearance prior to entering the contract. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2301CAFOST and 2023, 2201CAFOST and 2022 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Instance of Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: • 2 CFR Part 200.332(a), Requirements for Pass-Through Entities, states that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information as well as all the requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations, and the terms and conditions of the award. • 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). • 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). • 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 22/23-91 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management). Condition: The Social Services Agency (SSA) did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring or for subrecipient monitoring for the Foster Care program. Additionally, the following information was not provided at the time of the subaward for ten (10) of fourteen (14) subawards selected for testing from the SSA’s for the Foster Care program: • Subrecipient’s unique entity identifier • Federal award identification number • Federal award date of award to recipient by the Federal agency • Subaward period of performance • Amount of federal funds obligated to the subrecipient • Amount of federal funds committed to the subrecipient • Federal award project description • Name of federal awarding agency • CFDA/Assistance Listing number • Identification of whether the award is research and development • Indirect cost rate During our testing, we noted for four (4) of fourteen (14) subrecipients selected, SSA did not have documentation that the SAM clearance was performed prior to entering the contract with the subrecipient. The County’s policy was to verify the subrecipient was not suspended or debarred prior to entering the contract, but the County did not retain evidence of this check prior to entering the contract. Cause: The SSA’s procedures did not consistently ensure that the required award information and applicable requires were communicated to the subrecipients. The SSA did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the SSA did not maintain documentation of their verification that every subrecipient is audited, as required. Additionally, the SSA department did not follow their policy to retain documentation of the verification of the information prior to entering the contract. Effect: The County’s control policies were not consistently followed which require compliance with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Additionally, the County’s control policies were not consistently followed, which required documentation of the verification prior to entering the contract. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of fourteen (14) out of seventy (70) subrecipients were sampled, which included seven (7) FFA, and seven (7) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2022-002,2022-005 and 2022-006. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. We recommend that the County adhere to their procedures requiring documentation of the SAM clearance prior to entering the contract. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2301CAFOST and 2023, 2201CAFOST and 2022 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Instance of Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: • 2 CFR Part 200.332(a), Requirements for Pass-Through Entities, states that all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information as well as all the requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations, and the terms and conditions of the award. • 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). • 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). • 2 CFR 200.332(f) – Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 22/23-91 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management). Condition: The Social Services Agency (SSA) did not have any formal controls in place for evaluating each subrecipient’s risk of noncompliance or the purpose of determining the appropriate subrecipient monitoring or for subrecipient monitoring for the Foster Care program. Additionally, the following information was not provided at the time of the subaward for ten (10) of fourteen (14) subawards selected for testing from the SSA’s for the Foster Care program: • Subrecipient’s unique entity identifier • Federal award identification number • Federal award date of award to recipient by the Federal agency • Subaward period of performance • Amount of federal funds obligated to the subrecipient • Amount of federal funds committed to the subrecipient • Federal award project description • Name of federal awarding agency • CFDA/Assistance Listing number • Identification of whether the award is research and development • Indirect cost rate During our testing, we noted for four (4) of fourteen (14) subrecipients selected, SSA did not have documentation that the SAM clearance was performed prior to entering the contract with the subrecipient. The County’s policy was to verify the subrecipient was not suspended or debarred prior to entering the contract, but the County did not retain evidence of this check prior to entering the contract. Cause: The SSA’s procedures did not consistently ensure that the required award information and applicable requires were communicated to the subrecipients. The SSA did not follow their procedures to evaluate the risk of noncompliance or monitor the activities of each subrecipient, and the SSA did not maintain documentation of their verification that every subrecipient is audited, as required. Additionally, the SSA department did not follow their policy to retain documentation of the verification of the information prior to entering the contract. Effect: The County’s control policies were not consistently followed which require compliance with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Additionally, the County’s control policies were not consistently followed, which required documentation of the verification prior to entering the contract. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of fourteen (14) out of seventy (70) subrecipients were sampled, which included seven (7) FFA, and seven (7) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2022-002,2022-005 and 2022-006. Recommendation: We recommend that the County adhere to their policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. We recommend that the County adhere to their procedures requiring documentation of the SAM clearance prior to entering the contract. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Various, including AL 84.027 – Special Education Grants to States; AL 84.173 – COVID-19 Special Education Preschool Grants; AL 84.425D – COVID-19 Education Stabilization Fund – Elementary and Secondary School Emergency Relief Fund (ESSER I and ESSER II); AL 84.425U – COVID-19 Education Stabilization Fund – American Rescue Plan – Elementary and Secondary School Emergency Relief Fund (ARP ESSER) – Subrecipient Monitoring Grant Number & Year: Various, including H027A210079, FFY 2022; H173X210077, FFY 2022; S425D200048, grant period ending 9/30/2022; S425D210048, grant period ending 9/30/2023; S425U210048, grant period ending 9/30/2024. Federal Grantor Agency: U.S. Department of Education Criteria: Per 2 CFR § 3474.1 (January 1, 2023), the U.S. Department of Education adopted the OMB Uniform Guidance in 2 CFR part 200, except for 2 CFR § 200.102(a) and 200.207(a). Per 2 CFR § 200.403 (January 1, 2023), allowable costs must be necessary, reasonable, and adequately documented. 2 CFR § 200.332 (January 1, 2023) states, in relevant part, the following: All pass-through entities must: * * * * (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. * * * * (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward[.] * * * * (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. 2 CFR § 200.521 (January 1, 2023) states, in relevant part, the following: (c) Pass-through entity. As provided in § 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. Good internal control requires procedures to ensure that subrecipients are using grant funds for allowable purposes. Good internal control also requires procedures to ensure that subrecipient Single Audit reports are being reviewed, and management decision letters are being issued in a timely manner to ensure that corrective action is being implemented. Condition: For 3 of 27 subrecipients tested that received Federal funds from the Special Education Cluster, the Agency did not perform adequate subrecipient monitoring to ensure that funds were used for allowable purposes. For seven subrecipients tested that received Federal funds from the Education Stabilization Fund and/or Special Education Cluster, the Agency did not issue a management decision letter within the time requirement for five subrecipients and did not issue a management decision letter for two subrecipients. The Agency also failed to track and review the Single Audit report for one subrecipient. Repeat Finding: No Questioned Costs: Unknown Statistical Sample: No Context: The Agency performs various subrecipient monitoring activities during the year to ensure that subrecipients are using funds for an allowable purpose. These activities include reviewing a sample of expenditures from all reimbursement requests, tracking subrecipient audit requirements and reviewing Single Audit reports, and performing fiscal monitoring on a three-year basis. During review of reimbursement requests, the Agency does not perform procedures to ensure that salary and benefits allocated to the Special Education (SPED) grants are adequately supported by underlying documentation for a majority of its subrecipients. Rather the Agency relies on the fiscal monitoring to test that payroll is being properly allocated to grants, and the subrecipients have procedures in place to comply with Uniform Guidance Requirements. During testing of 27 subrecipients that received SPED grants, we noted the following for three subrecipients: • For the first subrecipient, the Agency had never completed a fiscal monitoring review. The Agency indicated that it was currently conducting fiscal monitoring of the school, but the subrecipient had been slow to provide documentation, resulting in delays. • The second subrecipient also did not have a fiscal monitoring review. At the time of the reimbursement, moreover, the Agency did not review any underlying documentation to support the costs allocated to the grant. The Agency stated that it relied on the entity’s annual audit to ensure costs were allocated properly; however, the subrecipient had not had a recent Single Audit in which the Special Education Cluster was a major program. • The third subrecipient had a fiscal monitoring review of payroll costs, but there was no documentation to show that the Agency had reviewed other purchased services at the time of reimbursement or during the fiscal monitoring. During review of the Agency’s procedures for reviewing subrecipient Single Audits, we noted the following: • For two subrecipients tested, their Single Audits noted significant deficiencies and material weaknesses, including one instance of questioned costs totaling $105,273; however, the Agency did not issue a management decision letter on the findings or provide documentation of any follow-up performed. • For five subrecipients tested, the management decision letter was issued eight to nine months after the audit was made available on the Federal Audit Clearinghouse (FAC). • One subrecipient was not being tracked by the Agency. This subrecipient had received $939,358 in Federal funds from the Agency. After the APA pointed this out, the Agency obtained a copy of the subrecipient’s Single Audit report, which noted no findings. Cause: Inadequate subrecipient monitoring procedures. The Agency stated it had other priorities during the year that delayed its review of the subrecipients’ Single Audit reports. Effect: Without adequate procedures, there is increased risk of noncompliance with Federal regulations, audit findings of subrecipients not being corrected, and an increased risk of loss or misuse of funds. Recommendation: We recommend the Agency review its procedures for reimbursements and fiscal monitoring to ensure subrecipients are operating in compliance with Federal requirements. We also recommend the Agency improve procedures to ensure that all subrecipients are being tracked for Single Audit requirements, and management decisions are issued in response to all findings in a timely manner. Management Response: First SPED subrecipient – The first recipient’s fiscal monitoring review is part of the current annual group of recipients being monitored; set to close June 30, 2024. Second SPED subrecipient – As part of the FY2020 federal Single Audit testing conducted by KPMG, determined the after-the-fact verification as a method to certify that the payment received on a project is reasonable in relation to the amount of work performed. Third SPED subrecipient – Purchased services and supplies were reviewed during fiscal monitoring, but the documentation was in paper form, not electronic, and was not initially provided to the auditors when requested. It was provided on March 4, 2024, when located. Single Audits – Due to extensive time commitment to State audit facilitation and Education Stabilization Fund Annual Performance Reporting, some management decision letters were not issued or were issued late. The NDE staff member performing the annual audit reviews was not aware of an additional subrecipient that needed reviewed. APA Response: The Special Education Cluster was not a major program for the second subrecipient in FY2020. For the third subrecipient, we originally requested the Agency’s fiscal monitoring documentation on December 21, 2023. Neb. Rev. Stat. § 84-305(2) (Cum. Supp. 2022) requires compliance with such a request to occur within “three business days after actual receipt of the request.” The only exceptions to that three-day response requirement are if there is “a legal basis for refusal to comply with the request” or “the entire request cannot with reasonable good faith efforts be fulfilled within three business days after actual receipt of the request due to the significant difficulty or the extensiveness of the request.” In either instance, § 84-305(2) requires the recipient of the request to take specific action in claiming the exception. The Agency failed to do so, clearly violating § 84-305(2). In no case not involving a legal basis for noncompliance, moreover, may the required compliance “exceed three calendar weeks after actual receipt of such request by any public entity.” Nevertheless, the additional documentation was not provided until over 11 weeks after being requested, which is another clear violation of § 84-305(2).