Federal Awarding Agency: USDOL Impact: Significant Deficiency, Noncompliance AL Number and Title: 17.258, 17.259, 17.278 WIOA cluster Federal Award Number: AA347542055A2, AA363062155A2, AA385152255A2 Applicable Compliance Requirement: Subrecipient Monitoring Condition: WIOA cluster FY 23 subaward agreement forms did not identify the subrecipients’ unique entity identifier (UEI) number. Furthermore, one of three subaward agreements tested did not identify the Assistance Listing number associated with the subaward. Context: Effective April 4, 2022, the UEI replaced the Data Universal Numbering System (DUNS) number as the authoritative identifier for entities doing business with the federal government. All federal award recipients are required to have a UEI. When a state enters into a subrecipient relationship with an entity it must communicate required subaward information to subrecipients including, but not limited to, the subrecipient's UEI and the federal award Assistance Listing number. DLWD management provided subawards to eight entities to administer certain WIOA cluster grants. DLWD staff used a standard subaward agreement form to communicate federally required information to subrecipients. The audit reviewed the subaward agreement form for three of the eight subrecipients and determined the form listed a DUNS number instead of the federally required UEI. Additionally, one of the three forms did not include a complete Assistance Listing number. Cause: AWIB staff review of the grant agreement forms during the award process was insufficient to identify the transition to the UEI. According to DLWD management, the subaward agreement forms were not updated when the federal government transitioned from using the DUNS number to using the UEI. The incomplete Assistance Listing number was due to a human error during the subaward process. Criteria: Title 2 CFR 200.303 requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and terms and conditions of the federal award Title 2 CFR 200.332 requires the State to ensure that every subaward is clearly identified to the subrecipient by communicating certain required federal award information. Information to be communicated at the time of subaward includes the subrecipient’s UEI and the Assistance Listing number. Effect: Not providing the required information in the subaward document increases the risk of subrecipient noncompliance with the terms and conditions of the federal award. Questioned Costs: None Recommendation: DLWD’s AWIB executive director should strengthen review procedures and update subaward agreement forms to ensure all required federal award information is communicated to subrecipients. View of Responsible Officials: Management agrees with this finding.
Federal Awarding Agency: USDOL Impact: Significant Deficiency, Noncompliance AL Number and Title: 17.258, 17.259, 17.278 WIOA cluster Federal Award Number: AA347542055A2, AA363062155A2, AA385152255A2 Applicable Compliance Requirement: Subrecipient Monitoring Condition: WIOA cluster FY 23 subaward agreement forms did not identify the subrecipients’ unique entity identifier (UEI) number. Furthermore, one of three subaward agreements tested did not identify the Assistance Listing number associated with the subaward. Context: Effective April 4, 2022, the UEI replaced the Data Universal Numbering System (DUNS) number as the authoritative identifier for entities doing business with the federal government. All federal award recipients are required to have a UEI. When a state enters into a subrecipient relationship with an entity it must communicate required subaward information to subrecipients including, but not limited to, the subrecipient's UEI and the federal award Assistance Listing number. DLWD management provided subawards to eight entities to administer certain WIOA cluster grants. DLWD staff used a standard subaward agreement form to communicate federally required information to subrecipients. The audit reviewed the subaward agreement form for three of the eight subrecipients and determined the form listed a DUNS number instead of the federally required UEI. Additionally, one of the three forms did not include a complete Assistance Listing number. Cause: AWIB staff review of the grant agreement forms during the award process was insufficient to identify the transition to the UEI. According to DLWD management, the subaward agreement forms were not updated when the federal government transitioned from using the DUNS number to using the UEI. The incomplete Assistance Listing number was due to a human error during the subaward process. Criteria: Title 2 CFR 200.303 requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and terms and conditions of the federal award Title 2 CFR 200.332 requires the State to ensure that every subaward is clearly identified to the subrecipient by communicating certain required federal award information. Information to be communicated at the time of subaward includes the subrecipient’s UEI and the Assistance Listing number. Effect: Not providing the required information in the subaward document increases the risk of subrecipient noncompliance with the terms and conditions of the federal award. Questioned Costs: None Recommendation: DLWD’s AWIB executive director should strengthen review procedures and update subaward agreement forms to ensure all required federal award information is communicated to subrecipients. View of Responsible Officials: Management agrees with this finding.
Federal Awarding Agency: USDOT Impact: Noncompliance AL Number and Title: 20.509 FGRA Federal Award Number: AK-2018-020, AK-2019-028, AK-2020-027, AK-2021-044, AK-2022-019, Applicable Compliance Requirement: Subrecipient Monitoring Condition: All five FY 23 FGRA subrecipient subawards tested did not have a quarterly report specific to the subaward as required for monitoring purposes. Context: DOTPF’s Alaska Community Transit (ACT) office enters into subaward grant agreements with subrecipients for the FGRA program, as well as other federal programs. A subrecipient can have multiple open subawards. Each FGRA subaward grant agreement requires quarterly reports to be submitted. Subrecipients submit the required quarterly reports via the BlackCat system and ACT staff use BlackCat to monitor subrecipients. The audit reviewed five of 36 active FY 23 subawards in BlackCat and found that, instead of an individual quarterly report for each FGRA subaward, subrecipients filed one consolidated quarterly report for all subawards. Cause: The BlackCat system limits subrecipients’ ability to file quarterly reports for each subaward. Therefore, subrecipients filed one consolidated quarterly report for all subawards. Criteria: Title 2 CFR 200.332(d) requires the State to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include reviewing financial and performance reports required by the pass-through entity. Effect: The lack of quarterly reports for each subaward grant agreement limited ACT staff’s ability to effectively monitor subrecipients to ensure subawards were used for authorized purposes. Questioned Costs: None Recommendation: DPD’s director should implement system changes to BlackCat to allow quarterly reports to be filed for each subaward. View of Responsible Officials: Management agrees with this finding.
Federal Awarding Agency: USDOT Impact: Significant Deficiency, Noncompliance AL Number and Title: 20.509 FGRA Federal Award Number: AK-2022-019 Applicable Compliance Requirement: Subrecipient Monitoring Condition: All five FY 23 FGRA subaward grant agreements tested did not include all federally required information. Context: In FY 23 DPD entered into 15 FGRA subaward grant agreements with 12 subrecipients. The audit reviewed a random sample of five subaward grant agreements. All grant agreements tested did not include the federal award date, assistance listing title, and indirect cost rate. Cause: DPD grant administration staff were unaware of the federal award information required to be included in the subaward grant agreement due to staff turnover and a lack of written procedures. Criteria: Title 2 CFR 200.303(a) requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Title 2 CFR 200.332(a) requires the State to ensure every subaward agreement includes the required federal award information at the time of the subaward. Effect: Not providing the required award information increases the risk of subrecipient noncompliance with the terms and conditions of the federal award. Questioned Costs: None Recommendation: DPD’s director should amend all active FGRA subaward grant agreements to include the missing federally required information. Furthermore, management should develop written procedures to ensure compliance with all subrecipient monitoring requirements applicable to federally funded subawards administered by DOTPF. View of Responsible Officials: Management agrees with this finding.
Federal Awarding Agency: USDOT Impact: Significant Deficiency, Noncompliance AL Number and Title: 20.509 FGRA Federal Award Number: AK-2022-027 Applicable Compliance Requirement: Subrecipient Monitoring Condition: DOTPF management did not issue a management decision for the one single audit finding requiring follow-up in FY 23 within six months as required by federal law. Context: Under federal regulations, pass-through entities are responsible for issuing a management decision for audit findings relating to federal awards provided to subrecipients. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the adequacy of the subrecipient’s proposed corrective actions to address the finding. If the subrecipient has not completed corrective action, a timetable for follow-up should be given. Cause: DOTPF has no procedures to ensure a management decision is issued in a timely manner for a subrecipient’s single audit finding. DOTPF management believed it was not necessary to track subrecipients that require single audit follow-up as there was only one subrecipient with a finding during FY 23. Criteria: Title 2 CFR 200.332(d)(3) states that pass-through entities’ monitoring of subrecipients must include issuing a management decision for audit findings that relate to the federal award provided to the subrecipient from the pass-through entity. Title 2 CFR 200.521(d) states a management decision must be issued within six months of acceptance of the audit report by the federal audit clearinghouse. Title 2 CFR 200.303(a) requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Effect: Untimely management decisions may result in the subrecipient not taking appropriate corrective action on findings. Noncompliance with federal regulations may result in the federal awarding agency imposing additional conditions or taking corrective action, including additional reporting requirements or withholding/terminating funding. Questioned Costs: None Recommendation: DOTPF’s Division of Administrative Services (DAS) director should develop and implement procedures to ensure management decisions for all subrecipient single audit findings are issued within six months of the audit report’s acceptance by the federal audit clearinghouse. View of Responsible Officials: Management agrees with this finding.
Federal Awarding Agency: USDOT Impact: Noncompliance AL Number and Title: 20.509 FGRA Federal Award Number: AK-2018-020, AK-2019-028, AK-2020-027, AK-2021-044, AK-2022-019, Applicable Compliance Requirement: Subrecipient Monitoring Condition: All five FY 23 FGRA subrecipient subawards tested did not have a quarterly report specific to the subaward as required for monitoring purposes. Context: DOTPF’s Alaska Community Transit (ACT) office enters into subaward grant agreements with subrecipients for the FGRA program, as well as other federal programs. A subrecipient can have multiple open subawards. Each FGRA subaward grant agreement requires quarterly reports to be submitted. Subrecipients submit the required quarterly reports via the BlackCat system and ACT staff use BlackCat to monitor subrecipients. The audit reviewed five of 36 active FY 23 subawards in BlackCat and found that, instead of an individual quarterly report for each FGRA subaward, subrecipients filed one consolidated quarterly report for all subawards. Cause: The BlackCat system limits subrecipients’ ability to file quarterly reports for each subaward. Therefore, subrecipients filed one consolidated quarterly report for all subawards. Criteria: Title 2 CFR 200.332(d) requires the State to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include reviewing financial and performance reports required by the pass-through entity. Effect: The lack of quarterly reports for each subaward grant agreement limited ACT staff’s ability to effectively monitor subrecipients to ensure subawards were used for authorized purposes. Questioned Costs: None Recommendation: DPD’s director should implement system changes to BlackCat to allow quarterly reports to be filed for each subaward. View of Responsible Officials: Management agrees with this finding.
Federal Awarding Agency: USDOT Impact: Significant Deficiency, Noncompliance AL Number and Title: 20.509 FGRA Federal Award Number: AK-2022-019 Applicable Compliance Requirement: Subrecipient Monitoring Condition: All five FY 23 FGRA subaward grant agreements tested did not include all federally required information. Context: In FY 23 DPD entered into 15 FGRA subaward grant agreements with 12 subrecipients. The audit reviewed a random sample of five subaward grant agreements. All grant agreements tested did not include the federal award date, assistance listing title, and indirect cost rate. Cause: DPD grant administration staff were unaware of the federal award information required to be included in the subaward grant agreement due to staff turnover and a lack of written procedures. Criteria: Title 2 CFR 200.303(a) requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Title 2 CFR 200.332(a) requires the State to ensure every subaward agreement includes the required federal award information at the time of the subaward. Effect: Not providing the required award information increases the risk of subrecipient noncompliance with the terms and conditions of the federal award. Questioned Costs: None Recommendation: DPD’s director should amend all active FGRA subaward grant agreements to include the missing federally required information. Furthermore, management should develop written procedures to ensure compliance with all subrecipient monitoring requirements applicable to federally funded subawards administered by DOTPF. View of Responsible Officials: Management agrees with this finding.
Federal Awarding Agency: USDOT Impact: Significant Deficiency, Noncompliance AL Number and Title: 20.509 FGRA Federal Award Number: AK-2022-027 Applicable Compliance Requirement: Subrecipient Monitoring Condition: DOTPF management did not issue a management decision for the one single audit finding requiring follow-up in FY 23 within six months as required by federal law. Context: Under federal regulations, pass-through entities are responsible for issuing a management decision for audit findings relating to federal awards provided to subrecipients. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the adequacy of the subrecipient’s proposed corrective actions to address the finding. If the subrecipient has not completed corrective action, a timetable for follow-up should be given. Cause: DOTPF has no procedures to ensure a management decision is issued in a timely manner for a subrecipient’s single audit finding. DOTPF management believed it was not necessary to track subrecipients that require single audit follow-up as there was only one subrecipient with a finding during FY 23. Criteria: Title 2 CFR 200.332(d)(3) states that pass-through entities’ monitoring of subrecipients must include issuing a management decision for audit findings that relate to the federal award provided to the subrecipient from the pass-through entity. Title 2 CFR 200.521(d) states a management decision must be issued within six months of acceptance of the audit report by the federal audit clearinghouse. Title 2 CFR 200.303(a) requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Effect: Untimely management decisions may result in the subrecipient not taking appropriate corrective action on findings. Noncompliance with federal regulations may result in the federal awarding agency imposing additional conditions or taking corrective action, including additional reporting requirements or withholding/terminating funding. Questioned Costs: None Recommendation: DOTPF’s Division of Administrative Services (DAS) director should develop and implement procedures to ensure management decisions for all subrecipient single audit findings are issued within six months of the audit report’s acceptance by the federal audit clearinghouse. View of Responsible Officials: Management agrees with this finding.
2023-016 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with subrecipient monitoring requirements for the Formula Grants for Rural Areas program. Assistance Listing Number and Title: 20.509 Formula Grants for Rural Areas Federal Grantor Name: U.S. Department of Transportation Federal Award/Contract Number: WA-2019-091-01; WA-2020-038-01; WA-2021-052-01; WA-2021-130-01; WA-2021-133-01; WA-2022-031-01 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Washington State Department of Transportation administers the Section 5311 program— Formula Grants for Rural Areas—to rural transportation areas by providing financial assistance for operating, planning, administrative expenses, and the acquisition, construction, and improvement of facilities and equipment. In addition, Section 5311 specifically provides for the support of rural intercity bus services, as well as funding for training, technical assistance, research, and related services to support the rural transit service. The Department spent about $80.3 million in program funds during fiscal year 2023. Of that amount, it passed through about $35.2 million to subrecipients through subawards. When passing federal funds through to subrecipients, federal regulations require the Department to monitor them based on a risk assessment to ensure: • Federal funds are used for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. • Subaward performance goals are achieved. • The subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award, when applicable. The Department’s subrecipient monitoring activities include virtual and physical site visits for various types of reviews based on risk assessments performed on a biennial basis, including: • Financial reviews • Administrative policy reviews • Drug and alcohol compliance reviews • Capital (equipment) reviews According to the Department’s Consolidated Grant Guidebook, which outlines general grant terms and conditions, the Department conducts biennial risk assessments to evaluate each subrecipient’s risk of noncompliance with grant requirements. The Department then determines the frequency of site visits for each subrecipient based on risk level, and schedules them accordingly. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with subrecipient monitoring requirements for the Formula Grants for Rural Areas program. We used a nonstatistical sampling method to randomly select and examine 12 site visits out of a total population of 65 to verify if the Department appropriately monitored its subrecipients. We found the Department did not perform two site visits during the audit period (17 percent). We also reviewed the Department’s site visit tracker and found three additional site visits that were not performed at the time of our audit. Additionally, we found that 10 other site visits were not completed by the Department’s scheduled due date (20 percent). We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department’s use of a tracker to schedule and complete site visits timely was insufficient to ensure that it appropriately monitored subrecipients in accordance with federal regulations. In addition, the Department’s policies and procedures did not specify when site visits must be conducted for subrecipients based on their assessed risk score or risk level. Accordingly, management did not enforce the due date for each subrecipient’s site visits established in the tracker, and did not ensure that all required site visits were completed. Effect of Condition During the audit period, the Department did not complete five out of 65 (8 percent) scheduled site visits for subrecipients. By not performing monitoring visits timely, the Department is at a higher risk of not detecting or preventing noncompliance with federal regulations and the grant’s terms and conditions. Additionally, the Department is at increased risk of not ensuring that subaward performance goals are achieved, and is unable to ensure subrecipients correct any existing deficiencies in a timely manner. Recommendations We recommend the Department: • Strengthen internal controls to ensure that it performs and documents monitoring visits based on its risk assessments of its subrecipients to ensure compliance with federal regulations and its own guidebook • Update its written policies and procedures to address the minimum requirements for conducting site visits, including determining how a subrecipient’s assessed risk score and risk level affect the timing and number of site visits required • Monitor the status of site visits for all its subrecipients to ensure that each one is evaluated in accordance with the requirements in its own guidebook • Follow up on subrecipients with overdue site visits to ensure they are conducted timely Department’s Response The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Formula Grants for Rural Areas. WSDOT is committed to ensuring our programs comply with federal regulations. WSDOT concurs with the finding and plans to implement the recommendations. Specifically, our Public Transportation Division will: • Update Public Transportation policy and procedure to more fully document its risk-based site visit approach. This update will clarify how an organization’s risk assessment score impacts the timing and number of administrative and financial site visits. This update will not impact capital and drug and alcohol site visits because Public Transportation Division staff conduct them every two years regardless of risk assessment scores. • Evaluate new ways for management, supervisors and staff to more effectively monitor site visit completion by established due dates. Once this group develops a new approach, management will ensure that staff document it in its policies and procedures and communicate the new approach to impacted staff. As of October 2023, the Public Transportation Division had conducted all five site visits listed in the condition of this finding. Auditor’s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The Washinton State Department of Transportation Consolidated Grant Guidebook (M130 (March 2022 version)), Chapter 1 – Requirements and guidelines for all projects, states in part: Program compliance and project reporting Risk assessments Every two years and in accordance with 2 CFR 200.332(b)(1-4), WSDOT conducts risk assessments to evaluate each grantee’s risk of noncompliance with the grant requirements. We use the risk assessment results to determine how much technical assistance and oversight may be necessary to help organizations comply with grant requirements. WSDOT will designate organizations that have a strong record of grant compliance and project delivery as low risk. The benefits of low-risk status may include less frequent site visits. High-risk status may result in more frequent site visits and a higher level of monitoring between site visits. For example, grantees may be required to provide full back up documentation with their claims. Frequency of site visits The frequency of site visits depends on the type of project, the funding source, type of site visit, and your risk scores. Below is general information on the frequency of site visits: • Operating projects WSDOT will perform administrative and financial site visits at least once every four years on active projects based on an organization’s risk score. • Planning projects WSDOT will perform administrative and financial site visits at least once every four years on active projects based on an organization’s risk score. • Capital vehicle and equipment projects WSDOT will perform administrative and capital site visits at least once every four years on active projects based on an organization’s risk score through the useful life of the vehicle and/or equipment. • Drug and alcohol program reviews WSDOT will perform a drug and alcohol site visit every biennium as needed based on an organization’s risk. This applies only to grantees awarded Sections 5339 and 5311 funding.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-031 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-021 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Legislature appropriated $100 million to the Department in SLFRF funding to award assistance to public and private water, sewer, garbage, electric, and natural gas utilities. With these funds, utilities could reduce residential customer account balances that were left unpaid due to the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021. The Department’s Energy Division expended about $100 million in payments to public and private utilities as subrecipients. Each utility that wished to participate in the program was required to submit an application for financial assistance documenting the current arrearage balances for residential customers as of March 31, 2022, as well as any available information on arrearage balances of low-income customers, including those receiving government assistance through the Low-Income Home Energy Assistance Program, Low-Income Water Assistance Program, or other ratepayer-funded Department programs as of March 31, 2022. In the event that the utility did not have access to this customer information, the Department distributed SLFRF funds to the community action program serving the same area as the utility. In determining the amount of funding that each utility could receive, the Department was required by the legislative mandate to consider: • Each participating utility’s proportion of the aggregate amount of arrearages among all participating utilities • Utility service areas that are situated in locations experiencing disproportionate environmental health disparities • American community survey poverty data • Whether the utility has leveraged other fund sources to reduce customer arrearages Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SFLRF. The prior finding number was 2022-021. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for SLFRF subrecipients. During the audit period, the Department awarded more than $99.8 million in SLFRF funds to 62 different utilities and community action programs. We determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for each of its 62 subrecipients. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition Program management for the Department was not aware of the requirement to conduct a formal risk assessment over each subrecipient’s use of SLFRF funds, and did not consider performing a risk assessment over the subrecipients when following legislative guidance. Additionally, management outside of the Department’s Energy Division did not monitor to ensure risk assessments were performed before executing subawards with utilities. Effect of Condition Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards. Recommendations We recommend the Department: • Establish internal controls to ensure it performs risk assessments for all subawards issued to subrecipients • Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results and demonstrate compliance with federal requirements • Update its risk assessment procedures to ensure factors related to potential noncompliance with requirements for low-income utility grants and SLFRF are incorporated into the risk assessment results Department’s Response The Department thanks the Washington State Auditor’s Office for the opportunity to respond to the finding. The Department respectfully disagrees with the finding as the Auditor’s Office has provided no requirements or codes nor has the Department been informed of any which require a risk assessment process for this award applied to arrearage balances. Additionally, the Department asserts it had internal controls in place for the program requirements. The Washington State Legislature issued the following proviso for funding by the Department: “$100,000,000 of the coronavirus state fiscal recovery fund federal appropriation is provided solely for grants for public and private water, sewer, garbage, electric, and natural gas utilities to address low-income customer arrearages compounded by the COVID-19 pandemic and the related economic downturn that were accrued between March 1, 2020, and December 31, 2021.” The Washington State Legislature informed utility representatives of the availability of funding following the funding awarded to the Department. Commerce received the award for this program as part of the supplemental operating budget included in Senate Bill 5693, affective March 31, 2022. The Department held webinars allowing all interested utility service providers to obtain information on how to fund outstanding arrearage balances compounded by the COVID-19 pandemic. Utility providers requesting funding communicated their customer arrearage balances to the Energy Office who followed a reporting process for funding. The reporting process included receipt of the number of customers with arrearage balances, the amount applied to customer balances, if they were low income customers amongst other elements required to receive funding. By May 27, 2022, each utility that wished to participate opted-in to the grant program by providing the Department with the specific information. The opt-in was available for all utility service providers who had customers who met the low-income requirements. The proviso did not include any requirements for subrecipient monitoring elements, including the performance of risk assessments of utility providers. The proviso included who was eligible for funding and the period of performance. The compliance supplement for Assistance Listing Number 21.027 under 2 CFR 200 did not include any requirements for subrecipient monitoring for risk assessments. The Department’s Assistant Director for the Energy Division created the process in which utility service providers provided information for funding. At that time the Assistant Director created internal controls over reporting, fiscal monitoring and subrecipient monitoring which included the submission of required information including, low-income eligibility, customer accounts had to be in an arrearage status, dates of arrearage balances and confirmation of expenses paid for customer arrearages. That data was compiled in a monitoring workbook, monitored and retained. Commerce did not identify or implement an internal control over risk assessments as utility service providers were not ranked or categorized for funding as the award included funding for all eligible customers from the utilities who requested funding. A risk assessment was not necessary nor required as part of the compliance supplement or any other Code of Federal Regulation related to this award. Commerce implemented internal controls for all areas in which the regulations required. Further, Commerce created and maintained an appropriate level of monitoring for the elements identified for funding by the legislature through our obtaining low-income eligibility status and other factors required for funding. No risk assessment process was required as all eligible utility providers were funded. The Department strives to meet all requirements related to federal funding and will continue to improve internal controls and compliance when deficiencies are identified. Auditor’s Remarks Federal regulations, specifically 2 CFR 200.332 - Requirements for pass-through entities, requires risk assessments be performed for all subrecipients to determine the appropriate level of monitoring required to ensure the subrecipient complies with terms and conditions of the subaward. The fact that the state legislative proviso did not contain this provision did not absolve the Department from complying with the federal requirement. We informed the Department during the audit that we would be assessing its compliance with this requirement. This requirement is also outlined in the state’s grant agreement with the Department of the Treasury and is outlined in the federal grant compliance supplement that is published by the federal Office of Management and Budget every year. We reaffirm our audit finding and will follow up on the Department’s corrective action during the next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-032 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Coronavirus State and Local Fiscal Recovery Fund. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRFP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: No Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2023, state agencies spent about $1.9 billion in SLFRF funds, more than $718 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program, in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2023, the Department expended about $253.5 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Federal regulations require pass-through entities to ensure that every subaward is clearly identified as a subaward to a subrecipient, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, the name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with federal requirements to ensure it communicated all federal award identification elements to subrecipients of the SLFRF. During the audit period, the Department awarded new contracts and amendments totaling more than $16.8 million in SLFRF funds to 13 subrecipients. We examined all 13 subawards and determined all 13 did not clearly identify the agreement as a federal subaward and the subrecipient was referred to as a contractor throughout the award. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department could not provide documentation to show it had adequate internal controls in place to ensure that the subawards included all the correct information. Furthermore, the subrecipients were referred to as contractors throughout each award because the Department used a contract template; it did not have a subaward template available at the time the subawards were issued. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it has communicated all required data elements to its subrecipients. Furthermore, by not clearly identifying the subaward as such, the Department cannot ensure its subrecipients have been adequately informed of the program requirements, federal regulations, and the subaward’s terms and conditions that it must comply with. Under federal law requirements for a subrecipient and a contractor are substantially different. Recommendation We recommend the Department establish adequate internal controls to ensure it includes all required information in every federal subaward. This must include ensuring that the award is clearly identified as a subaward and not a contract. Department’s Response The Department treated the recipient as a subrecipient and followed all of the Code of Federal Regulations (CFR) requirements, including communicating the Requirements for Pass-through Entities to all recipients through the 14 elements checklist in a contract amendment process. The Department informed the audit team that they had this documentation but the documentation was not requested. The Department agrees with the Washington State Auditor’s Office (SAO) that our contract template refers to the subrecipient in the contract as a “contractor”. That terminology was used to identify the recipient as part of the contract, not the type of federal recipient. We identified the need to specify the federal recipient type in the contract in 2022 and in October 2022 we changed the face sheets of all of our federal contract templates to identify each recipient as a subrecipient or contractor. Unfortunately there was a timing issue with the issuance of the contract included in the audit and the prior federal template was used. Going forward, all program contracts will be issued on the updated federal contract templates which will designate the recipient type as either a subrecipient or contractor. The Department supports it communicated the Requirements for Pass-Through entities federal identification elements through the subaward amendments that were issued during the period, however, the communication was made during the audit year and did not cover the full period of performance. Short of an error being made, the Department feels this exception has been resolved. We thank the Auditor’s Office for the opportunity to respond to the finding. Auditor’s Remarks We acknowledge the Department updated its subaward template during the audit period. However, we want to clarify that for the subawards examined during this audit, the Department did not issue written subaward amendments to communicate federal subaward elements to its subrecipients. Instead, the Department sent email correspondence to each subrecipient with a file attachment listing the fields required under 2 CFR 200.332(a)(1)(i) through (xiv). This attachment was not incorporated by reference into the subaward amendments executed during the audit period, and therefore we did not consider the information as part of the Department’s subaward. We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes requirements for all pass-through entities. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-050 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program. Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases 93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-033 Background The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023, about $17 million of which was disbursed to subrecipients. In response to the COVID pandemic, ELC subrecipients have received a significant increase in funding over the last few years. Federal regulations require the Department to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial reports and taking timely and appropriate action on all deficiencies pertaining to the federal award. The Department assigns each subrecipient a compliance risk level based on standardized criteria. The Department’s Fiscal Monitoring Unit (FMU) conducts on-site fiscal reviews of each subrecipient every two years. This review includes all federal awards the subrecipient received from the Department for the period under review. Reviewers complete a standardized template to document their work. Using the subrecipient’s reimbursement requests, reviewers judgmentally determine how many samples of payroll expenditures and contractor payments to review to ensure there is adequate source documentation. Reviewers also look at general accounting information, budget information, equipment purchases and other items. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding number was 2022-033. Description of Condition The Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the ELC program. The Department does not have written procedures to guide reviewers on the number of reimbursement samples to review based on the subrecipient’s risk level. We used a nonstatistical sampling method to randomly select and examine five out of a total of 10 subrecipients that received a fiscal review during the audit period. For each subrecipients, we noted that the fiscal monitoring only covered between 0.19 percent and 3.37 percent of total grant awards. Additionally, the Department only sampled between one and nine transactions specific to the ELC program during the reviews. Furthermore, for each subrecipient, the Department only sampled from either payroll or contractor transactions, never both. These samples covered between 0.02 percent to 1.82 percent of the total ELC grant award for the subrecipients. The table below identifies the samples reviewed for each subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Management has not established guidance for how many transactions fiscal reviewers need to review from source documentation to have assurance subrecipients spent program funds spent accordance with grant requirements. Furthermore, management believed the level of review was adequate to ensure a sufficient level of monitoring. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward. Further, allowing staff to select samples without adequate guidance from management does not provide the Department with reasonable assurance that subrecipients spent program funds in accordance with grant requirements and federal regulations. Recommendation We recommend the Department strengthen internal controls to ensure it performs fiscal monitoring to a level that provides reasonable assurance that subrecipients’ use of federal funds complies with federal laws and regulations and the subaward’s terms and conditions. Department’s Response We do not concur with the finding. We understand that the State Auditor’s Office (SAO) reviewed a specific grant as part of the scope of this audit. The Department of Health (DOH) finds it misleading that SAO did not report on the subrecipient review process in its entirety. The DOH Fiscal Monitoring Unit (FMU) is not an audit department, therefore the standards DOH FMU functions on are very different than what SAO is recommending in the finding. FMU is audited annually by different federal partners, and those partners have identified no concerns with the monitoring visit methodology used as it is in line with compliance requirement 2 CFR 200.332. Federal guidance does not state DOH must select a certain percentage of samples to ensure adequate review. The DOH subrecipient monitoring process is a comprehensive process that starts with an initial risk assessment which is completed prior to contract execution. This assessment determines the level of support each subrecipient is required to submit as back up documentation for payment requests. Programs then have contract managers review this support prior to payment. In addition, monitoring visits are performed on subrecipients. As part of that process, the FMU reviews at least three months of invoices submitted by subrecipients and includes reviews of entity policies, procedures, internal controls both manual and automated, applicable contracts, history of compliance and applicable cost allocation methodology to ensure each entity is compliant with federal requirements and has adequate internal controls. As part of the review, each FMU staff member will judgmentally select items to review from the selected invoices. FMU staff make this selection using their subject matter expertise about DOH, specific programs and federal guidance to identify transactions for review. This review includes looking at supporting documentation such as timesheets and receipts. FMU reviews the entity, not a specific grant when performing a site visit. The reviewer must document the grants the entity receives and then selects a few transactions from each award type, if applicable. Each entity has a consistent control structure across all funding types so there is no value in reviewing a significant number of transactions from each award type as the controls do not vary. As you can see from the table provided, of the invoices reviewed, DOH typically reviews a quarter of the amount invoiced for. If a grant award is not represented in the invoices selected, FMU will select an additional invoice to ensure all awards are included. This happened in the case of sample three. In the case of sample one, no vendor payments were reviewed because the entity only invoiced for payroll for the selected months. Executive leadership supports the approach used by FMU and is not considering program changes related to the recommendation at this time. Auditor’s Remarks While federal regulations do not require a specific percentage of program expenditures be reviewed when entities monitor subrecipients, in our judgment, the amount reviewed by the Department for the ELC program did not provide management with reasonable assurance that subawards were used for authorized purposes, were spent in compliance with federal requirements and the terms and conditions of the awards. The Department cannot rely on reviews performed for other federal awards as an effective means to ensure compliance for the ELC program. The Department asserts that FMU staff selects invoices for all grant awards issued to the subrecipient. Then, FMU staff judgmentally pick samples from the three selected invoices, significantly limiting the number of expenditures reviewed, as evidence in our testing. Furthermore, the Department does not have written procedures guiding FMU staff on the level of fiscal review for federal grant expenditures. It also acknowledges that the risk assessment level drives the level of backup documentation required for payment requests. The risk assessment does not influence the level of fiscal review. The Department provided a table of the number of expenditures it asserts it reviewed at each subrecipient we tested but acknowledges that these expenditures are from all programs and not specific to ELC. The amount of review done for other federal programs or state funded programs is not relevant when determining whether the subrecipient complied with the terms of the ELC subaward. We reaffirm our finding, and we will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2023-050 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program. Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases 93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU50CK000515-05-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-02-04; NU50CK000515-01-09; NU50CK000515-02-01; NU50CK000515-02-06; NU50CK000515-02-03; NU50CK000515-02-09; NU50CK000515-02-07; NU50CK000515-03-03; NU50CK000515-03-01; NU50CK000515-04-00; NU50CK000515-04-03 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-033 Background The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent about $198.5 million in federal grant funds during fiscal year 2023, about $17 million of which was disbursed to subrecipients. In response to the COVID pandemic, ELC subrecipients have received a significant increase in funding over the last few years. Federal regulations require the Department to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial reports and taking timely and appropriate action on all deficiencies pertaining to the federal award. The Department assigns each subrecipient a compliance risk level based on standardized criteria. The Department’s Fiscal Monitoring Unit (FMU) conducts on-site fiscal reviews of each subrecipient every two years. This review includes all federal awards the subrecipient received from the Department for the period under review. Reviewers complete a standardized template to document their work. Using the subrecipient’s reimbursement requests, reviewers judgmentally determine how many samples of payroll expenditures and contractor payments to review to ensure there is adequate source documentation. Reviewers also look at general accounting information, budget information, equipment purchases and other items. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding number was 2022-033. Description of Condition The Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the ELC program. The Department does not have written procedures to guide reviewers on the number of reimbursement samples to review based on the subrecipient’s risk level. We used a nonstatistical sampling method to randomly select and examine five out of a total of 10 subrecipients that received a fiscal review during the audit period. For each subrecipients, we noted that the fiscal monitoring only covered between 0.19 percent and 3.37 percent of total grant awards. Additionally, the Department only sampled between one and nine transactions specific to the ELC program during the reviews. Furthermore, for each subrecipient, the Department only sampled from either payroll or contractor transactions, never both. These samples covered between 0.02 percent to 1.82 percent of the total ELC grant award for the subrecipients. The table below identifies the samples reviewed for each subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Management has not established guidance for how many transactions fiscal reviewers need to review from source documentation to have assurance subrecipients spent program funds spent accordance with grant requirements. Furthermore, management believed the level of review was adequate to ensure a sufficient level of monitoring. Effect of Condition Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward. Further, allowing staff to select samples without adequate guidance from management does not provide the Department with reasonable assurance that subrecipients spent program funds in accordance with grant requirements and federal regulations. Recommendation We recommend the Department strengthen internal controls to ensure it performs fiscal monitoring to a level that provides reasonable assurance that subrecipients’ use of federal funds complies with federal laws and regulations and the subaward’s terms and conditions. Department’s Response We do not concur with the finding. We understand that the State Auditor’s Office (SAO) reviewed a specific grant as part of the scope of this audit. The Department of Health (DOH) finds it misleading that SAO did not report on the subrecipient review process in its entirety. The DOH Fiscal Monitoring Unit (FMU) is not an audit department, therefore the standards DOH FMU functions on are very different than what SAO is recommending in the finding. FMU is audited annually by different federal partners, and those partners have identified no concerns with the monitoring visit methodology used as it is in line with compliance requirement 2 CFR 200.332. Federal guidance does not state DOH must select a certain percentage of samples to ensure adequate review. The DOH subrecipient monitoring process is a comprehensive process that starts with an initial risk assessment which is completed prior to contract execution. This assessment determines the level of support each subrecipient is required to submit as back up documentation for payment requests. Programs then have contract managers review this support prior to payment. In addition, monitoring visits are performed on subrecipients. As part of that process, the FMU reviews at least three months of invoices submitted by subrecipients and includes reviews of entity policies, procedures, internal controls both manual and automated, applicable contracts, history of compliance and applicable cost allocation methodology to ensure each entity is compliant with federal requirements and has adequate internal controls. As part of the review, each FMU staff member will judgmentally select items to review from the selected invoices. FMU staff make this selection using their subject matter expertise about DOH, specific programs and federal guidance to identify transactions for review. This review includes looking at supporting documentation such as timesheets and receipts. FMU reviews the entity, not a specific grant when performing a site visit. The reviewer must document the grants the entity receives and then selects a few transactions from each award type, if applicable. Each entity has a consistent control structure across all funding types so there is no value in reviewing a significant number of transactions from each award type as the controls do not vary. As you can see from the table provided, of the invoices reviewed, DOH typically reviews a quarter of the amount invoiced for. If a grant award is not represented in the invoices selected, FMU will select an additional invoice to ensure all awards are included. This happened in the case of sample three. In the case of sample one, no vendor payments were reviewed because the entity only invoiced for payroll for the selected months. Executive leadership supports the approach used by FMU and is not considering program changes related to the recommendation at this time. Auditor’s Remarks While federal regulations do not require a specific percentage of program expenditures be reviewed when entities monitor subrecipients, in our judgment, the amount reviewed by the Department for the ELC program did not provide management with reasonable assurance that subawards were used for authorized purposes, were spent in compliance with federal requirements and the terms and conditions of the awards. The Department cannot rely on reviews performed for other federal awards as an effective means to ensure compliance for the ELC program. The Department asserts that FMU staff selects invoices for all grant awards issued to the subrecipient. Then, FMU staff judgmentally pick samples from the three selected invoices, significantly limiting the number of expenditures reviewed, as evidence in our testing. Furthermore, the Department does not have written procedures guiding FMU staff on the level of fiscal review for federal grant expenditures. It also acknowledges that the risk assessment level drives the level of backup documentation required for payment requests. The risk assessment does not influence the level of fiscal review. The Department provided a table of the number of expenditures it asserts it reviewed at each subrecipient we tested but acknowledges that these expenditures are from all programs and not specific to ELC. The amount of review done for other federal programs or state funded programs is not relevant when determining whether the subrecipient complied with the terms of the ELC subaward. We reaffirm our finding, and we will review the status of the Department’s corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Assistance Listing Number(s): 21.027 Name of Federal Program or Cluster: COVID-19 Coronavirus State and Local Fiscal Recovery Funds Name of Federal Agency: Department of the Treasury Name of Pass-through Entity: City of Madison, City of Sun Prairie, Wisconsin Department of Workforce Development Award Period: January 1, 2022 through December 31, 2022; September 22, 2021 through December 31, 2024; June 20, 2022 through June 30, 2025 Criteria or Specific Requirement: 2 CFR section 200.332(a) requires pass-through entities to ensure every subaward is clearly identified to the subrecipient as a subaward and includes the required federal award identification information, all requirements imposed by the pass-through entity on the subrecipient, any additional requirements the pass-through entity imposes on the subrecipient, an indirect cost rate, a requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient’s records and financial statements, and appropriate terms and conditions concerning the closeout of the subaward. 2 CFR section 200.332(b) requires the pass-through entity to evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions for determining appropriate subrecipient monitoring. 2 CFR section 200.332(d) requires the pass-through entity to monitor the activities of the subrecipient to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward, and that the subaward performance goals are achieved. 2 CFR section 200.332(f) requires the passthrough entity to verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient’s federal awards expended during the respective fiscal year equaled or exceeded $750,000. Condition and Context: No supporting documentation was provided for the three subrecipients. No subaward agreements included all required information and none were executed and signed. No risk assessments were performed and documented. No monitoring procedures were performed other than reviewing invoices to be paid. Per the draft subawards, quarterly site visits were to occur, but none were performed and documented. There was no documentation of whether the 3 subrecipients were expected to/are being audited per the Uniform Guidance. Cause: Internal controls have not been designed, implemented, and documented in written procedures. Internal controls are not designed or implemented to ensure subrecipient agreements include the required information, to perform risk assessments, to establish monitoring procedures based on risks, to ensure monitoring takes placed as planned, and to verify whether subrecipients that expended $750,000 or more in federal awards is audited in accordance with the Uniform Guidance. Effect or Potential Effect: Questioned costs may be disallowed and requested to be repaid. Questioned Costs: $298,051; amount per GL paid to three subrecipients during the fiscal year. Repeat Finding: No. Recommendation: Procedures for subrecipient monitoring to meet federal statutes, regulations, and terms and conditions of the awards should be developed and documented. Internal controls should be designed, implemented, and documented within the subrecipient monitoring procedures to ensure compliance with 2 CFR section 200.332. Subrecipient monitoring activities should be performed and documented. Views of Responsible Officials: Boys and Girls Club of Dane County, Inc. agrees with the finding and is implementing written procedures.