U.S. Department of Health and Human Services AL No. 93.686 Ending the HIV Epidemic: A Plan for America Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 1 out of 1 selection, management was unable to provide evidence that subrecipient monitoring was performed to ensure compliance with accounting requirements. For 1 out of 1 selection, we were unable to verify the subrecipient 's active registration on SAM.gov. For 1 out of 1 selection, there was no evidence that the prior year Single Audit Report was reviewed. Criteria: In accordance with 2 CFR 200.303: Internal Control, The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (f) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: The Baltimore City Health Department (BCHD) did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD was not be in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains as stated.
U.S. Department of Health and Human Services AL No. 93.686 Ending the HIV Epidemic: A Plan for America Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 1 out of 1 selection, management was unable to provide evidence that subrecipient monitoring was performed to ensure compliance with accounting requirements. For 1 out of 1 selection, we were unable to verify the subrecipient 's active registration on SAM.gov. For 1 out of 1 selection, there was no evidence that the prior year Single Audit Report was reviewed. Criteria: In accordance with 2 CFR 200.303: Internal Control, The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (f) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: The Baltimore City Health Department (BCHD) did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD was not be in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains as stated.
U.S. Department of Health and Human Services AL No. 93.914 HIV Emergency Relief Project Grants Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 7 out of 7 selections, we were unable to verify the subrecipient's active registration on SAM.gov. For 7 out of 7 selections, there was no evidence that subrecipients’ Single Audit Report was reviewed. Criteria: In accordance with 2 CFR 200.303: Internal Control, The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit (c) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (e) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: BCHD did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD was not in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains
U.S. Department of Health and Human Services AL No. 93.914 HIV Emergency Relief Project Grants Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 7 out of 7 selections, we were unable to verify the subrecipient's active registration on SAM.gov. For 7 out of 7 selections, there was no evidence that subrecipients’ Single Audit Report was reviewed. Criteria: In accordance with 2 CFR 200.303: Internal Control, The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit (c) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (e) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: BCHD did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD was not in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains
U.S. Department of Health and Human Services AL No. 93.914 HIV Emergency Relief Project Grants Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 7 out of 7 selections, we were unable to verify the subrecipient's active registration on SAM.gov. For 7 out of 7 selections, there was no evidence that subrecipients’ Single Audit Report was reviewed. Criteria: In accordance with 2 CFR 200.303: Internal Control, The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit (c) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (e) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: BCHD did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD was not in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains
U.S. Department of Health and Human Services AL No. 93.914 HIV Emergency Relief Project Grants Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 7 out of 7 selections, we were unable to verify the subrecipient's active registration on SAM.gov. For 7 out of 7 selections, there was no evidence that subrecipients’ Single Audit Report was reviewed. Criteria: In accordance with 2 CFR 200.303: Internal Control, The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit (c) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (e) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: BCHD did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD was not in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains
U.S. Department of Health and Human Services AL No. 93.914 HIV Emergency Relief Project Grants Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 7 out of 7 selections, we were unable to verify the subrecipient's active registration on SAM.gov. For 7 out of 7 selections, there was no evidence that subrecipients’ Single Audit Report was reviewed. Criteria: In accordance with 2 CFR 200.303: Internal Control, The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit (c) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (e) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: BCHD did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD was not in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains
U.S. Department of Health and Human Services AL No. 93.940 HIV Prevention Activities Health Department Based Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 2 out of 4 selections, management was unable to provide evidence that subrecipient monitoring was performed to ensure compliance with Federal requirements. For 1 out of 4 selections, there was no approval on the subrecipient monitoring report. For 4 out of 4 selections, we were unable to verify the subrecipient’s active registration on SAM.gov. For 4 out of 4 selections, there was no evidence that the subrecipients’ Single Audit Report was reviewed. Criteria: In accordance with 2 CFR §200.303: The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non- Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit (c) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (e) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: The Baltimore City Health Department (BCHD) did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD may not be in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains as stated.
U.S. Department of Health and Human Services AL No. 93.940 HIV Prevention Activities Health Department Based Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 2 out of 4 selections, management was unable to provide evidence that subrecipient monitoring was performed to ensure compliance with Federal requirements. For 1 out of 4 selections, there was no approval on the subrecipient monitoring report. For 4 out of 4 selections, we were unable to verify the subrecipient’s active registration on SAM.gov. For 4 out of 4 selections, there was no evidence that the subrecipients’ Single Audit Report was reviewed. Criteria: In accordance with 2 CFR §200.303: The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non- Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit (c) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (e) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: The Baltimore City Health Department (BCHD) did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD may not be in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains as stated.
U.S. Department of Health and Human Services AL No. 93.940 HIV Prevention Activities Health Department Based Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 2 out of 4 selections, management was unable to provide evidence that subrecipient monitoring was performed to ensure compliance with Federal requirements. For 1 out of 4 selections, there was no approval on the subrecipient monitoring report. For 4 out of 4 selections, we were unable to verify the subrecipient’s active registration on SAM.gov. For 4 out of 4 selections, there was no evidence that the subrecipients’ Single Audit Report was reviewed. Criteria: In accordance with 2 CFR §200.303: The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non- Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit (c) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (e) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: The Baltimore City Health Department (BCHD) did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD may not be in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains as stated.
U.S. Department of Health and Human Services AL No. 93.940 HIV Prevention Activities Health Department Based Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 2 out of 4 selections, management was unable to provide evidence that subrecipient monitoring was performed to ensure compliance with Federal requirements. For 1 out of 4 selections, there was no approval on the subrecipient monitoring report. For 4 out of 4 selections, we were unable to verify the subrecipient’s active registration on SAM.gov. For 4 out of 4 selections, there was no evidence that the subrecipients’ Single Audit Report was reviewed. Criteria: In accordance with 2 CFR §200.303: The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non- Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit (c) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (e) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: The Baltimore City Health Department (BCHD) did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD may not be in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains as stated.
U.S. Department of Health and Human Services AL No. 93.940 HIV Prevention Activities Health Department Based Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 2 out of 4 selections, management was unable to provide evidence that subrecipient monitoring was performed to ensure compliance with Federal requirements. For 1 out of 4 selections, there was no approval on the subrecipient monitoring report. For 4 out of 4 selections, we were unable to verify the subrecipient’s active registration on SAM.gov. For 4 out of 4 selections, there was no evidence that the subrecipients’ Single Audit Report was reviewed. Criteria: In accordance with 2 CFR §200.303: The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non- Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit (c) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (e) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: The Baltimore City Health Department (BCHD) did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD may not be in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains as stated.
U.S. Department of Health and Human Services AL No. 93.940 HIV Prevention Activities Health Department Based Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 2 out of 4 selections, management was unable to provide evidence that subrecipient monitoring was performed to ensure compliance with Federal requirements. For 1 out of 4 selections, there was no approval on the subrecipient monitoring report. For 4 out of 4 selections, we were unable to verify the subrecipient’s active registration on SAM.gov. For 4 out of 4 selections, there was no evidence that the subrecipients’ Single Audit Report was reviewed. Criteria: In accordance with 2 CFR §200.303: The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non- Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit (c) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (e) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: The Baltimore City Health Department (BCHD) did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD may not be in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains as stated.
U.S. Department of Health and Human Services AL No. 93.940 HIV Prevention Activities Health Department Based Material Weakness in Internal Controls and Noncompliance over Subrecipient Monitoring Repeat Finding: No Condition: For 2 out of 4 selections, management was unable to provide evidence that subrecipient monitoring was performed to ensure compliance with Federal requirements. For 1 out of 4 selections, there was no approval on the subrecipient monitoring report. For 4 out of 4 selections, we were unable to verify the subrecipient’s active registration on SAM.gov. For 4 out of 4 selections, there was no evidence that the subrecipients’ Single Audit Report was reviewed. Criteria: In accordance with 2 CFR §200.303: The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non- Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR §25.300: (a) A recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier. (b) A recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier as described in paragraph (a) of this section. According to 2 CFR §200.332, all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the Federal award identification including the subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), identification of whether the award is R&D and indirect cost rate for the Federal award. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) the results of previous audits including whether or not the subrecipient receives a Single Audit (c) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (e) Verify that every subrecipient is audited as required by 2 CFR § 200.331 when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Cause: The Baltimore City Health Department (BCHD) did not have proper controls in place to ensure the subrecipient monitoring requirements of the grant were met. Effect: BCHD may not be in compliance with the subrecipient monitoring requirements of the grant. Questioned Costs: Unknown. Recommendation: We recommend the City establish and implement controls to maintain compliance with subrecipient monitoring requirements. Auditee Response and Corrective Action Plan: Management agrees with the finding. Refer to the corrective action plan on current findings in Part V of this report. Auditor’s Conclusion: Finding remains as stated.
Finding Number: 2023-002 – Subrecipient Monitoring Evaluation of Finding: Material Weakness/Noncompliance Federal Program: Community Services Block Grant Federal Assistance No.: 93.569 Title: CSBG-CV Federal Grantor: U.S. Department of Health and Human Services Pass-Through Entity: State of California, Department of Community Services and Development Grant number: 20F-3684 Criteria or specified requirement: 2 CFR sections 200.332 requires that pass-through entities evaluate each subrecipients risk of noncompliance with federal awards and monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes in compliance with the conditions of the subaward; and that subaward performance goals are achieved, at the time of sub-award. Condition: The Authority has procedures in place to comply with certain subrecipient monitoring requirements, however, the procedures did not include all requirements under 2 CFR sections 200.332 until March of 2023. The Authority is required to evaluate risk, monitor the activities of the subrecipient and ensure accountability of subrecipients, prior to, and at the time of, sub-awards. The primary activity performed by the Authority prior to March 2023, was the review of reimbursement request details to ensure that the subrecipient’s expenditures were eligible under the federal program. From March 2023 through June 2023, the Authority was following a newly implemented subrecipient monitoring policy. Cause: The Authority did not have a subrecipient monitoring policy in place for at the time of sub-award until March 2023. Effect: The subrecipients were not sufficiently monitored as required under Uniform Guidance for the full fiscal year. Questioned Costs: None Context: The Authority’s policy did not include all of the required monitoring activities resulting in a systemic deficiency in subrecipient monitoring, until a new policy was implemented in March 2023. Recommendation: We recommend that the Authority continue following their newly established policy to include all subrecipient monitoring activities and consider including alternative procedures for onsite reviews when in person monitoring cannot take place. Additionally, we recommend this policy is reviewed on an annual basis for potential amendments, as a best practice. Management Response and Corrective Action: We are in agreement with the finding. These were discovered during the 2022 CSD desk audit and as a result, a revised subrecipient monitoring policies and procedures manual was drafted. In addition, the following actions were also taken: 1. The Subrecipient Monitoring policy and procedures were updated in August 2022 to include the procedures for evaluating risk for subrecipients and revise monitoring procedures. These procedures were updated to include checking the Federal Awards clearinghouse annually to assess audit requirements for all subrecipients and ensure the monitoring policy includes procedures when those audits result in any concerns or findings for subrecipients. A revised risk assessment is conducted for each subrecipient. As stated in the finding, a new subrecipient monitoring policy was implemented in March 2023 and staff has following this policy since that time and will continue to do so.
Finding Number: 2023-002 – Subrecipient Monitoring Evaluation of Finding: Material Weakness/Noncompliance Federal Program: Community Services Block Grant Federal Assistance No.: 93.569 Title: CSBG-CV Federal Grantor: U.S. Department of Health and Human Services Pass-Through Entity: State of California, Department of Community Services and Development Grant number: 20F-3684 Criteria or specified requirement: 2 CFR sections 200.332 requires that pass-through entities evaluate each subrecipients risk of noncompliance with federal awards and monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes in compliance with the conditions of the subaward; and that subaward performance goals are achieved, at the time of sub-award. Condition: The Authority has procedures in place to comply with certain subrecipient monitoring requirements, however, the procedures did not include all requirements under 2 CFR sections 200.332 until March of 2023. The Authority is required to evaluate risk, monitor the activities of the subrecipient and ensure accountability of subrecipients, prior to, and at the time of, sub-awards. The primary activity performed by the Authority prior to March 2023, was the review of reimbursement request details to ensure that the subrecipient’s expenditures were eligible under the federal program. From March 2023 through June 2023, the Authority was following a newly implemented subrecipient monitoring policy. Cause: The Authority did not have a subrecipient monitoring policy in place for at the time of sub-award until March 2023. Effect: The subrecipients were not sufficiently monitored as required under Uniform Guidance for the full fiscal year. Questioned Costs: None Context: The Authority’s policy did not include all of the required monitoring activities resulting in a systemic deficiency in subrecipient monitoring, until a new policy was implemented in March 2023. Recommendation: We recommend that the Authority continue following their newly established policy to include all subrecipient monitoring activities and consider including alternative procedures for onsite reviews when in person monitoring cannot take place. Additionally, we recommend this policy is reviewed on an annual basis for potential amendments, as a best practice. Management Response and Corrective Action: We are in agreement with the finding. These were discovered during the 2022 CSD desk audit and as a result, a revised subrecipient monitoring policies and procedures manual was drafted. In addition, the following actions were also taken: 1. The Subrecipient Monitoring policy and procedures were updated in August 2022 to include the procedures for evaluating risk for subrecipients and revise monitoring procedures. These procedures were updated to include checking the Federal Awards clearinghouse annually to assess audit requirements for all subrecipients and ensure the monitoring policy includes procedures when those audits result in any concerns or findings for subrecipients. A revised risk assessment is conducted for each subrecipient. As stated in the finding, a new subrecipient monitoring policy was implemented in March 2023 and staff has following this policy since that time and will continue to do so.
Finding Number: 2023-002 – Subrecipient Monitoring Evaluation of Finding: Material Weakness/Noncompliance Federal Program: Community Services Block Grant Federal Assistance No.: 93.569 Title: CSBG-CV Federal Grantor: U.S. Department of Health and Human Services Pass-Through Entity: State of California, Department of Community Services and Development Grant number: 20F-3684 Criteria or specified requirement: 2 CFR sections 200.332 requires that pass-through entities evaluate each subrecipients risk of noncompliance with federal awards and monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes in compliance with the conditions of the subaward; and that subaward performance goals are achieved, at the time of sub-award. Condition: The Authority has procedures in place to comply with certain subrecipient monitoring requirements, however, the procedures did not include all requirements under 2 CFR sections 200.332 until March of 2023. The Authority is required to evaluate risk, monitor the activities of the subrecipient and ensure accountability of subrecipients, prior to, and at the time of, sub-awards. The primary activity performed by the Authority prior to March 2023, was the review of reimbursement request details to ensure that the subrecipient’s expenditures were eligible under the federal program. From March 2023 through June 2023, the Authority was following a newly implemented subrecipient monitoring policy. Cause: The Authority did not have a subrecipient monitoring policy in place for at the time of sub-award until March 2023. Effect: The subrecipients were not sufficiently monitored as required under Uniform Guidance for the full fiscal year. Questioned Costs: None Context: The Authority’s policy did not include all of the required monitoring activities resulting in a systemic deficiency in subrecipient monitoring, until a new policy was implemented in March 2023. Recommendation: We recommend that the Authority continue following their newly established policy to include all subrecipient monitoring activities and consider including alternative procedures for onsite reviews when in person monitoring cannot take place. Additionally, we recommend this policy is reviewed on an annual basis for potential amendments, as a best practice. Management Response and Corrective Action: We are in agreement with the finding. These were discovered during the 2022 CSD desk audit and as a result, a revised subrecipient monitoring policies and procedures manual was drafted. In addition, the following actions were also taken: 1. The Subrecipient Monitoring policy and procedures were updated in August 2022 to include the procedures for evaluating risk for subrecipients and revise monitoring procedures. These procedures were updated to include checking the Federal Awards clearinghouse annually to assess audit requirements for all subrecipients and ensure the monitoring policy includes procedures when those audits result in any concerns or findings for subrecipients. A revised risk assessment is conducted for each subrecipient. As stated in the finding, a new subrecipient monitoring policy was implemented in March 2023 and staff has following this policy since that time and will continue to do so.
Assistance Listings numbers and names: 14.231 Emergency Solutions Grant Program 14.231 COVID-19 - Emergency Solutions Grant Program Award numbers and years: E-20-DW-04-001, July 1, 2020 through September 30, 2022; E-21-DC-04-001, July 1, 2021 through September 30, 2023 Federal agency: U.S. Department of Housing and Urban Development Questioned costs: $1,820 Assistance Listings numbers and names: 93.558 Temporary Assistance for Needy Families 93.558 COVID-19 - Temporary Assistance for Needy Families Award numbers and years: 2201AZTANF, October 1, 2021 through September 30, 2022; 2301AZTANF, October 1, 2022 through September 30, 2023 Federal agency: U.S. Department of Health and Human Services Questioned costs: $10,330 Compliance requirement: Subrecipient monitoring Total questioned costs: $12,150 Condition—Contrary to federal regulations and its federal award terms, the Department of Economic Security (DES) reimbursed 1 nonprofit organization subrecipient for federal program costs totaling $12,150 during fiscal year 2023 that were unsupported, unallowable, and/or paid to the nonprofit organization’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements. Specifically, we reviewed 14 reimbursements that included Emergency Solutions Grant Program (ESG) and Temporary Assistance for Needy Family (TANF) program costs totaling $26,120 and $65,730 for the year, respectively, and found that DES reimbursed the subrecipient: • $4,733 for financial and accounting services that were paid to 1 of the nonprofit organization’s principal officers, who served as the Treasurer, and their company, which was not disclosed as a conflict of interest to DES as required by DES’ contract with the subrecipient and federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, DES did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements ($112 for ESG and $4,621 for TANF). • $7,417 for bookkeeping services that were not adequately supported by sufficiently detailed invoices and a signed, written contract having a specified price rate for the services and terms; therefore, we were unable to verify if the amounts paid were appropriate. Further, DES reimbursed the subrecipient for payments made to the Treasurer’s family member, whose bookkeeping services company was not disclosed as a conflict of interest to DES as required by federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, DES did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements ($1,708 for ESG and $5,709 for TANF). Additionally, contrary to federal regulations, DES had not ensured that the subrecipient implemented competitive purchasing procedures when procuring the professional services described above, and the subrecipient was unable to provide documentation that it had competitively procured the services. ESG was not audited as a major federal program for the State’s fiscal year 2023 single audit; therefore, the scope of our review was not sufficient to determine whether DES or its subrecipients complied with all applicable federal requirements for this program. We audited the TANF program as a major federal program for the State’s fiscal year 2023 single audit, and we performed follow-up procedures to the review that we conducted during fiscal year 2022. During the audit, we became aware of the potentially noncompliant 14 reimbursements involving 1 of DES’ nonprofit subrecipients with which it partnered to carry out federal and State programs, including the Continuum of Care Program (Assistance Listings number 14.267), ESG, and TANF, which was audited as a major federal program for fiscal year 2023, as well as the State Housing Trust Fund. Our review of select reimbursements to this subrecipient resulted in similar findings for the federal Continuum of Care Program and the State Housing Trust Fund that are described in findings 2023-116 and 2023-06, respectively. Effect—DES’ reimbursing a nonprofit organization subrecipient for $12,150 of unallowable or unsupported costs and/or costs paid to the nonprofit organization’s principal officer or their immediate family member in violation of conflict-of-interest disclosure requirements resulted in those monies being unavailable to be spent for their intended purpose of providing housing assistance to those in need. Consequently, DES may be required to return these monies to the federal agencies in accordance with federal requirements.1 Cause—Although DES’ subrecipient monitoring policies and procedures did not require it to obtain from subrecipients documentation supporting charges for personal and contracted professional services to verify allowability when subrecipients requested reimbursement, the policies and procedures required an on-site monitoring visit once every 3 years for each subrecipient in which it reviews a sample of the subrecipient’s personal and professional services charges. However, DES had not performed an on-site monitoring visit of the nonprofit subrecipient since 2018 because it had not yet resumed all its subrecipient-monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities during the COVID-19 pandemic during fiscal year 2020. In addition, DES had not properly assessed the subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures it should put in place or training the subrecipient needed. For example, DES was unaware that the subrecipient had not informed it of a principal officer’s conflicts of interest so that it could ensure that the principal officer and their immediate family member were not involved in decision-making related to those conflicts and selectively reviewed the related costs and activities for compliance purposes. Criteria—Federal regulations require DES to monitor subrecipients and include required procedures for assessing the risk of each subrecipient’s noncompliance and implementing appropriate monitoring procedures to address those risk assessments; verifying single audits were conducted timely, if required; reviewing financial and performance reports; following up on and ensuring corrective action is taken on deficiencies that could potentially affect the program; and issuing management decisions on the results of audit findings or monitoring.2 Federal regulations provide that monitoring procedures DES may implement to address a subrecipient’s risk assessment include providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs.2 In addition, federal regulations require DES’ subrecipients to allocate allowable costs using a reasonable basis, to use competitive purchasing standards when procuring goods and services, and to disclose in writing to DES any potential conflicts of interest.3 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303 and 45 CFR §75.303). Recommendations—DES should: 1. Immediately stop reimbursing the nonprofit subrecipient for costs that are unsupported, unallowable, and/or paid to the nonprofit subrecipient’s principal officer or their immediate family member in violation of federal regulations and take appropriate enforcement actions in accordance with its subaward contract. 2. Update its written policies and procedures for reviewing and approving subrecipient reimbursement requests to include a process to ensure costs are adequately supported, allowable in accordance with program requirements, and approved by the appropriate level of management. 3. Train personnel responsible for reviewing and approving subrecipient reimbursement requests on how to identify costs that are unallowable under federal regulations. 4. Assess the risk of each subrecipient’s noncompliance and perform the appropriate monitoring procedures based on the assessed risk, such as providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs for allowability. 5. Ensure subrecipients allocate allowable costs using a reasonable basis, use competitive purchasing standards when procuring goods and services, and disclose in writing to DES any potential conflicts of interest. DES may need to provide training and technical assistance to subrecipients that address these compliance areas, including DES obtaining conflict-of-interest disclosures from subrecipients as part of the subaward contract, as an example, or otherwise establishing a communication mechanism for subrecipients to use as such conflicts arise. 6. Continue to work with the nonprofit subrecipient to resolve the $12,150 of unallowable costs, including recovering these monies from the subrecipient and assessing the continued need to use this subrecipient for services. 7. Work with the federal agencies to resolve the $12,150 of unallowable costs that it reimbursed, which may involve returning monies to the agencies. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-114 (TANF) and 2022-115 (ESG) and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance and U.S. Health and Human Services audit requirements require federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c] and 45 CFR §75.513[c]). Further, they require that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521 and 45 CFR §75.521). 2 The applicable federal requirements related to subrecipient monitoring can be found in the Code of Federal Regulations at 2 CFR §§200.332, .339, and .521 and 45 CFR §§75.352, .371, and .521. 3 The applicable federal requirements related to allowable costs, competitive purchasing, and conflicts of interest can be found in the Code of Federal Regulations at 2 CFR §§200.112, .318-.327, and Subpart E; 24 CFR §578.95; and 45 CFR §§75.112, .326-.335, and Subpart E.
Assistance Listings numbers and names: 14.231 Emergency Solutions Grant Program 14.231 COVID-19 - Emergency Solutions Grant Program Award numbers and years: E-20-DW-04-001, July 1, 2020 through September 30, 2022; E-21-DC-04-001, July 1, 2021 through September 30, 2023 Federal agency: U.S. Department of Housing and Urban Development Questioned costs: $1,820 Assistance Listings numbers and names: 93.558 Temporary Assistance for Needy Families 93.558 COVID-19 - Temporary Assistance for Needy Families Award numbers and years: 2201AZTANF, October 1, 2021 through September 30, 2022; 2301AZTANF, October 1, 2022 through September 30, 2023 Federal agency: U.S. Department of Health and Human Services Questioned costs: $10,330 Compliance requirement: Subrecipient monitoring Total questioned costs: $12,150 Condition—Contrary to federal regulations and its federal award terms, the Department of Economic Security (DES) reimbursed 1 nonprofit organization subrecipient for federal program costs totaling $12,150 during fiscal year 2023 that were unsupported, unallowable, and/or paid to the nonprofit organization’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements. Specifically, we reviewed 14 reimbursements that included Emergency Solutions Grant Program (ESG) and Temporary Assistance for Needy Family (TANF) program costs totaling $26,120 and $65,730 for the year, respectively, and found that DES reimbursed the subrecipient: • $4,733 for financial and accounting services that were paid to 1 of the nonprofit organization’s principal officers, who served as the Treasurer, and their company, which was not disclosed as a conflict of interest to DES as required by DES’ contract with the subrecipient and federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, DES did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements ($112 for ESG and $4,621 for TANF). • $7,417 for bookkeeping services that were not adequately supported by sufficiently detailed invoices and a signed, written contract having a specified price rate for the services and terms; therefore, we were unable to verify if the amounts paid were appropriate. Further, DES reimbursed the subrecipient for payments made to the Treasurer’s family member, whose bookkeeping services company was not disclosed as a conflict of interest to DES as required by federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, DES did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements ($1,708 for ESG and $5,709 for TANF). Additionally, contrary to federal regulations, DES had not ensured that the subrecipient implemented competitive purchasing procedures when procuring the professional services described above, and the subrecipient was unable to provide documentation that it had competitively procured the services. ESG was not audited as a major federal program for the State’s fiscal year 2023 single audit; therefore, the scope of our review was not sufficient to determine whether DES or its subrecipients complied with all applicable federal requirements for this program. We audited the TANF program as a major federal program for the State’s fiscal year 2023 single audit, and we performed follow-up procedures to the review that we conducted during fiscal year 2022. During the audit, we became aware of the potentially noncompliant 14 reimbursements involving 1 of DES’ nonprofit subrecipients with which it partnered to carry out federal and State programs, including the Continuum of Care Program (Assistance Listings number 14.267), ESG, and TANF, which was audited as a major federal program for fiscal year 2023, as well as the State Housing Trust Fund. Our review of select reimbursements to this subrecipient resulted in similar findings for the federal Continuum of Care Program and the State Housing Trust Fund that are described in findings 2023-116 and 2023-06, respectively. Effect—DES’ reimbursing a nonprofit organization subrecipient for $12,150 of unallowable or unsupported costs and/or costs paid to the nonprofit organization’s principal officer or their immediate family member in violation of conflict-of-interest disclosure requirements resulted in those monies being unavailable to be spent for their intended purpose of providing housing assistance to those in need. Consequently, DES may be required to return these monies to the federal agencies in accordance with federal requirements.1 Cause—Although DES’ subrecipient monitoring policies and procedures did not require it to obtain from subrecipients documentation supporting charges for personal and contracted professional services to verify allowability when subrecipients requested reimbursement, the policies and procedures required an on-site monitoring visit once every 3 years for each subrecipient in which it reviews a sample of the subrecipient’s personal and professional services charges. However, DES had not performed an on-site monitoring visit of the nonprofit subrecipient since 2018 because it had not yet resumed all its subrecipient-monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities during the COVID-19 pandemic during fiscal year 2020. In addition, DES had not properly assessed the subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures it should put in place or training the subrecipient needed. For example, DES was unaware that the subrecipient had not informed it of a principal officer’s conflicts of interest so that it could ensure that the principal officer and their immediate family member were not involved in decision-making related to those conflicts and selectively reviewed the related costs and activities for compliance purposes. Criteria—Federal regulations require DES to monitor subrecipients and include required procedures for assessing the risk of each subrecipient’s noncompliance and implementing appropriate monitoring procedures to address those risk assessments; verifying single audits were conducted timely, if required; reviewing financial and performance reports; following up on and ensuring corrective action is taken on deficiencies that could potentially affect the program; and issuing management decisions on the results of audit findings or monitoring.2 Federal regulations provide that monitoring procedures DES may implement to address a subrecipient’s risk assessment include providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs.2 In addition, federal regulations require DES’ subrecipients to allocate allowable costs using a reasonable basis, to use competitive purchasing standards when procuring goods and services, and to disclose in writing to DES any potential conflicts of interest.3 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303 and 45 CFR §75.303). Recommendations—DES should: 1. Immediately stop reimbursing the nonprofit subrecipient for costs that are unsupported, unallowable, and/or paid to the nonprofit subrecipient’s principal officer or their immediate family member in violation of federal regulations and take appropriate enforcement actions in accordance with its subaward contract. 2. Update its written policies and procedures for reviewing and approving subrecipient reimbursement requests to include a process to ensure costs are adequately supported, allowable in accordance with program requirements, and approved by the appropriate level of management. 3. Train personnel responsible for reviewing and approving subrecipient reimbursement requests on how to identify costs that are unallowable under federal regulations. 4. Assess the risk of each subrecipient’s noncompliance and perform the appropriate monitoring procedures based on the assessed risk, such as providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs for allowability. 5. Ensure subrecipients allocate allowable costs using a reasonable basis, use competitive purchasing standards when procuring goods and services, and disclose in writing to DES any potential conflicts of interest. DES may need to provide training and technical assistance to subrecipients that address these compliance areas, including DES obtaining conflict-of-interest disclosures from subrecipients as part of the subaward contract, as an example, or otherwise establishing a communication mechanism for subrecipients to use as such conflicts arise. 6. Continue to work with the nonprofit subrecipient to resolve the $12,150 of unallowable costs, including recovering these monies from the subrecipient and assessing the continued need to use this subrecipient for services. 7. Work with the federal agencies to resolve the $12,150 of unallowable costs that it reimbursed, which may involve returning monies to the agencies. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-114 (TANF) and 2022-115 (ESG) and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance and U.S. Health and Human Services audit requirements require federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c] and 45 CFR §75.513[c]). Further, they require that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521 and 45 CFR §75.521). 2 The applicable federal requirements related to subrecipient monitoring can be found in the Code of Federal Regulations at 2 CFR §§200.332, .339, and .521 and 45 CFR §§75.352, .371, and .521. 3 The applicable federal requirements related to allowable costs, competitive purchasing, and conflicts of interest can be found in the Code of Federal Regulations at 2 CFR §§200.112, .318-.327, and Subpart E; 24 CFR §578.95; and 45 CFR §§75.112, .326-.335, and Subpart E.
Assistance Listings number and name: 14.267 Continuum of Care Program Award number and year: AZ9999U9T002101, February 1, 2022 through June 30, 2023 Federal agency: U.S. Department of Housing and Urban Development Compliance requirement: Subrecipient monitoring Questioned costs: $40,455 Condition—Contrary to federal regulations and its federal award terms, the Department of Housing (Department) reimbursed 1 nonprofit organization subrecipient for federal program costs totaling $40,455 during fiscal year 2023 that were unsupported, unallowable, and/or paid to the nonprofit organization’s principal officers or their immediate family members in violation of conflict-of-interest disclosure requirements. Specifically, we reviewed 40 reimbursements that included Continuum of Care costs totaling $346,747 for the year and found that the Department reimbursed the subrecipient for: • $18,385 for financial and accounting services and supplies that were paid to 1 of the nonprofit organization’s principal officers, who served as the Treasurer, and their company, which was not disclosed as a conflict of interest to the Department as required by its contract with the subrecipient and federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the Department did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements. • $20,664 for bookkeeping services that were not adequately supported by sufficiently detailed invoices and a signed, written contract having a specified price rate for the services and terms; therefore, we were unable to verify if the amounts paid were appropriate. Further, the Department reimbursed the subrecipient for payments made to the Treasurer’s family member, whose bookkeeping services company was not disclosed as a conflict of interest to the Department as required by federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the Department did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements. • $831 for repairs and maintenance, travel, supplies, and other contracted services that were paid to another principal officer ($705) and the Executive Director’s immediate family member ($126) who performed various handyman services, including plumbing, painting, and building repairs, that were not adequately supported by a signed contract having specified price rates for the services and terms; therefore, we were unable to verify if the amounts reimbursed by the Department were appropriate. Further, the Department reimbursed the subrecipient for payments made to the principal officer and the Executive Director’s immediate family member, whose services were not disclosed as a conflict of interest to the Department as required by its contract with the subrecipient and federal regulations. • $476 for unallowable loan payments to the subrecipient’s Executive Director, which was for personal use. • $99 for incentive payments to 1 contractor and 1 principal officer without documentation demonstrating that they were authorized by an agreement, reasonable for the services performed as provided in the subrecipient’s policies, and consistent with compensation paid for similar work in other activities; therefore, we were unable to verify if the amounts reimbursed were allowable. Additionally, contrary to federal regulations, the Department had not ensured that the subrecipient implemented competitive purchasing procedures when procuring the professional services and handyman services described above, and the subrecipient was unable to provide documentation that it had competitively procured the services. We audited the Continuum of Care Program as a major federal program for the State’s fiscal year 2023 single audit, and we performed follow-up procedures to the review that we conducted during fiscal year 2022. During the audit, we became aware of the potentially noncompliant 40 reimbursements involving 1 of the Department’s nonprofit subrecipients with which it partnered with to carry out federal and State programs, including the Continuum of Care Program, the Emergency Solutions Grants Program (Assistance Listings number 14.231), and Temporary Assistance to Needy Families (Assistance Listings number 93.558), which was audited as a major federal program for fiscal year 2023, as well as the State Housing Trust Fund. Our review of select reimbursements to this subrecipient resulted in similar findings for the federal Temporary Assistance to Needy Families and Emergency Solutions Grants Program and the State Housing Trust Fund that are described in findings 2023-115 and 2023-06, respectively. Effect—The Department’s reimbursing a nonprofit organization subrecipient for $40,455 of unallowable or unsupported costs and/or costs paid to the nonprofit organization’s principal officers or their immediate family members in violation of conflict-of-interest disclosure requirements resulted in those monies being unavailable to be spent for their intended purpose of providing housing assistance to those in need. Consequently, the Department may be required to return those monies to the federal agency in accordance with federal requirements.1 Cause—The Department had not yet resumed all its subrecipient monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending them starting in fiscal year 2020 due to the COVID-19 pandemic. Also, the Department had not properly assessed the subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures it should put in place or training the subrecipient needed. For example, the Department was unaware that the subrecipient had not informed it of principal officers’ conflicts of interest so that it could ensure that those principal officers or their immediate family members were not involved in decision-making related to those conflicts and selectively reviewed the related costs and activities for compliance purposes. Further, Department personnel responsible for reviewing and approving the subrecipient’s reimbursement requests reported to us that dating back to at least 2021, staff were trained to not follow the Department’s policies and procedures because they were not sufficiently detailed to provide direction on how to ensure costs are adequately supported and allowable in accordance with program requirements but, instead, to approve any costs that had been previously reimbursed. Criteria—Federal regulations require the Department to monitor subrecipients and include required procedures for assessing the risk of each subrecipient’s noncompliance and implementing appropriate monitoring procedures to address those risk assessments; verifying single audits were conducted timely, if required; reviewing financial and performance reports; following up on and ensuring corrective action is taken on deficiencies that could potentially affect the program; and issuing management decisions on the results of audit findings or monitoring (2 CFR §§ 200.332, .339, and .521). Federal regulations provide that monitoring procedures the Department may implement to address a subrecipient’s risk assessment include providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs (2 CFR §200.332[e]). In addition, federal regulations require the Department’s subrecipients to allocate allowable costs using a reasonable basis, to use competitive purchasing standards when procuring goods and services, and to disclose in writing to the Department any potential conflicts of interest.2 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Immediately stop reimbursing the nonprofit subrecipient for costs that are unsupported, unallowable, and/or paid to the nonprofit subrecipient’s principal officers or their immediate family members in violation of federal regulations and take appropriate enforcement actions in accordance with its subaward contract. 2. Update its written policies and procedures for reviewing and approving subrecipient reimbursement requests to include a process to ensure costs are adequately supported, allowable in accordance with program requirements, and approved by the appropriate level of management. 3. Train personnel responsible for reviewing and approving subrecipient reimbursement requests on how to identify costs that are unallowable under federal regulations. 4. Assess the risk of each subrecipient’s noncompliance and perform the appropriate monitoring procedures based on the assessed risk, such as providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs for allowability. 5. Ensure subrecipients allocate allowable costs using a reasonable basis, use competitive purchasing standards when procuring goods and services, and disclose in writing to the Department any potential conflicts of interest. The Department may need to provide training and technical assistance to subrecipients that address these compliance areas, including the Department’s obtaining conflict-of-interest disclosures from subrecipients as part of the subaward contract, as an example, or otherwise establishing a communication mechanism for subrecipients to use as such conflicts arise. 6. Continue to work with the nonprofit subrecipient to resolve the $40,455 in unallowable costs, including recovering these monies from the subrecipient and assessing the continued need to use this subrecipient for services. 7. Work with the federal agency to resolve the $40,455 of unallowable costs that it reimbursed, which may involve returning monies to the federal agency. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-115 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 The applicable federal requirements related to allowable costs, competitive purchasing, and conflicts of interest can be found in the Code of Federal Regulations at 2 CFR §§200.112, .318-.327, and Subpart E, and 24 CFR §578.95.
Assistance Listings number and name: 14.267 Continuum of Care Program Award number and year: AZ9999U9T002101, February 1, 2022 through June 30, 2023 Federal agency: U.S. Department of Housing and Urban Development Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Arizona Department of Housing (Department) awarded $4.5 million to 15 subrecipients during fiscal year 2023, or 90 percent of the Department’s $5.0 million total federal expenditures for this federal program, but did not perform all the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Specifically, the Department’s only monitoring procedure during the year consisted of reviewing and approving the subrecipients’ invoices of program expenditures for reimbursement, which we also found to be deficient during a review of 1 nonprofit subrecipient’s reimbursement requests. See financial statement finding 2023-06 and federal award finding 2023-116 for specific issues noted and related recommendations. Further, that procedure alone was insufficient to evaluate whether the subrecipients used program monies in accordance with the award terms and program requirements. Effect—The Department’s failure to perform all required monitoring increased the risk that the $4.5 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program requirements. If monies are spent inconsistent with program requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Consequently, the Department may be required to return any misspent monies to the federal agency in accordance with federal requirements.1 Cause—The Department did not perform all required monitoring procedures and did not have sufficient policies and procedures. Specifically, the Department did not develop and implement procedures to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Department should monitor until near the end of the grant period in May 2023. Prior to that, the Department had an informal process to identify subrecipients. Also, the Department did not develop and implement procedures to perform subrecipient risk assessments until March 2023 and had not yet resumed other subrecipient monitoring activities during fiscal year 2023, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities starting in fiscal year 2020 due to the COVID-19 pandemic. Additionally, the Department’s written policies and procedures lacked procedures for performing risk assessments; designing monitoring procedures, training, or technical assistance based upon the assessed risk; and verifying that a subrecipient received a single audit if it was expected to meet or exceed the federal expenditure threshold of $750,000 for requiring a single audit. Criteria—Federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the County should monitor (2 Code of Federal Regulation [CFR] §200.331). Additionally, federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. This federal regulation also provides that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §§200.332[b] and [d–f]). Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Update and follow written policies and procedures to: a. Evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Department should monitor. b. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. c. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. d. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 14.267 Continuum of Care Program Award number and year: AZ9999U9T002101, February 1, 2022 through June 30, 2023 Federal agency: U.S. Department of Housing and Urban Development Compliance requirement: Subrecipient monitoring Questioned costs: $40,455 Condition—Contrary to federal regulations and its federal award terms, the Department of Housing (Department) reimbursed 1 nonprofit organization subrecipient for federal program costs totaling $40,455 during fiscal year 2023 that were unsupported, unallowable, and/or paid to the nonprofit organization’s principal officers or their immediate family members in violation of conflict-of-interest disclosure requirements. Specifically, we reviewed 40 reimbursements that included Continuum of Care costs totaling $346,747 for the year and found that the Department reimbursed the subrecipient for: • $18,385 for financial and accounting services and supplies that were paid to 1 of the nonprofit organization’s principal officers, who served as the Treasurer, and their company, which was not disclosed as a conflict of interest to the Department as required by its contract with the subrecipient and federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the Department did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements. • $20,664 for bookkeeping services that were not adequately supported by sufficiently detailed invoices and a signed, written contract having a specified price rate for the services and terms; therefore, we were unable to verify if the amounts paid were appropriate. Further, the Department reimbursed the subrecipient for payments made to the Treasurer’s family member, whose bookkeeping services company was not disclosed as a conflict of interest to the Department as required by federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the Department did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements. • $831 for repairs and maintenance, travel, supplies, and other contracted services that were paid to another principal officer ($705) and the Executive Director’s immediate family member ($126) who performed various handyman services, including plumbing, painting, and building repairs, that were not adequately supported by a signed contract having specified price rates for the services and terms; therefore, we were unable to verify if the amounts reimbursed by the Department were appropriate. Further, the Department reimbursed the subrecipient for payments made to the principal officer and the Executive Director’s immediate family member, whose services were not disclosed as a conflict of interest to the Department as required by its contract with the subrecipient and federal regulations. • $476 for unallowable loan payments to the subrecipient’s Executive Director, which was for personal use. • $99 for incentive payments to 1 contractor and 1 principal officer without documentation demonstrating that they were authorized by an agreement, reasonable for the services performed as provided in the subrecipient’s policies, and consistent with compensation paid for similar work in other activities; therefore, we were unable to verify if the amounts reimbursed were allowable. Additionally, contrary to federal regulations, the Department had not ensured that the subrecipient implemented competitive purchasing procedures when procuring the professional services and handyman services described above, and the subrecipient was unable to provide documentation that it had competitively procured the services. We audited the Continuum of Care Program as a major federal program for the State’s fiscal year 2023 single audit, and we performed follow-up procedures to the review that we conducted during fiscal year 2022. During the audit, we became aware of the potentially noncompliant 40 reimbursements involving 1 of the Department’s nonprofit subrecipients with which it partnered with to carry out federal and State programs, including the Continuum of Care Program, the Emergency Solutions Grants Program (Assistance Listings number 14.231), and Temporary Assistance to Needy Families (Assistance Listings number 93.558), which was audited as a major federal program for fiscal year 2023, as well as the State Housing Trust Fund. Our review of select reimbursements to this subrecipient resulted in similar findings for the federal Temporary Assistance to Needy Families and Emergency Solutions Grants Program and the State Housing Trust Fund that are described in findings 2023-115 and 2023-06, respectively. Effect—The Department’s reimbursing a nonprofit organization subrecipient for $40,455 of unallowable or unsupported costs and/or costs paid to the nonprofit organization’s principal officers or their immediate family members in violation of conflict-of-interest disclosure requirements resulted in those monies being unavailable to be spent for their intended purpose of providing housing assistance to those in need. Consequently, the Department may be required to return those monies to the federal agency in accordance with federal requirements.1 Cause—The Department had not yet resumed all its subrecipient monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending them starting in fiscal year 2020 due to the COVID-19 pandemic. Also, the Department had not properly assessed the subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures it should put in place or training the subrecipient needed. For example, the Department was unaware that the subrecipient had not informed it of principal officers’ conflicts of interest so that it could ensure that those principal officers or their immediate family members were not involved in decision-making related to those conflicts and selectively reviewed the related costs and activities for compliance purposes. Further, Department personnel responsible for reviewing and approving the subrecipient’s reimbursement requests reported to us that dating back to at least 2021, staff were trained to not follow the Department’s policies and procedures because they were not sufficiently detailed to provide direction on how to ensure costs are adequately supported and allowable in accordance with program requirements but, instead, to approve any costs that had been previously reimbursed. Criteria—Federal regulations require the Department to monitor subrecipients and include required procedures for assessing the risk of each subrecipient’s noncompliance and implementing appropriate monitoring procedures to address those risk assessments; verifying single audits were conducted timely, if required; reviewing financial and performance reports; following up on and ensuring corrective action is taken on deficiencies that could potentially affect the program; and issuing management decisions on the results of audit findings or monitoring (2 CFR §§ 200.332, .339, and .521). Federal regulations provide that monitoring procedures the Department may implement to address a subrecipient’s risk assessment include providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs (2 CFR §200.332[e]). In addition, federal regulations require the Department’s subrecipients to allocate allowable costs using a reasonable basis, to use competitive purchasing standards when procuring goods and services, and to disclose in writing to the Department any potential conflicts of interest.2 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Immediately stop reimbursing the nonprofit subrecipient for costs that are unsupported, unallowable, and/or paid to the nonprofit subrecipient’s principal officers or their immediate family members in violation of federal regulations and take appropriate enforcement actions in accordance with its subaward contract. 2. Update its written policies and procedures for reviewing and approving subrecipient reimbursement requests to include a process to ensure costs are adequately supported, allowable in accordance with program requirements, and approved by the appropriate level of management. 3. Train personnel responsible for reviewing and approving subrecipient reimbursement requests on how to identify costs that are unallowable under federal regulations. 4. Assess the risk of each subrecipient’s noncompliance and perform the appropriate monitoring procedures based on the assessed risk, such as providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs for allowability. 5. Ensure subrecipients allocate allowable costs using a reasonable basis, use competitive purchasing standards when procuring goods and services, and disclose in writing to the Department any potential conflicts of interest. The Department may need to provide training and technical assistance to subrecipients that address these compliance areas, including the Department’s obtaining conflict-of-interest disclosures from subrecipients as part of the subaward contract, as an example, or otherwise establishing a communication mechanism for subrecipients to use as such conflicts arise. 6. Continue to work with the nonprofit subrecipient to resolve the $40,455 in unallowable costs, including recovering these monies from the subrecipient and assessing the continued need to use this subrecipient for services. 7. Work with the federal agency to resolve the $40,455 of unallowable costs that it reimbursed, which may involve returning monies to the federal agency. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-115 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 The applicable federal requirements related to allowable costs, competitive purchasing, and conflicts of interest can be found in the Code of Federal Regulations at 2 CFR §§200.112, .318-.327, and Subpart E, and 24 CFR §578.95.
Assistance Listings number and name: 14.267 Continuum of Care Program Award number and year: AZ9999U9T002101, February 1, 2022 through June 30, 2023 Federal agency: U.S. Department of Housing and Urban Development Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Arizona Department of Housing (Department) awarded $4.5 million to 15 subrecipients during fiscal year 2023, or 90 percent of the Department’s $5.0 million total federal expenditures for this federal program, but did not perform all the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Specifically, the Department’s only monitoring procedure during the year consisted of reviewing and approving the subrecipients’ invoices of program expenditures for reimbursement, which we also found to be deficient during a review of 1 nonprofit subrecipient’s reimbursement requests. See financial statement finding 2023-06 and federal award finding 2023-116 for specific issues noted and related recommendations. Further, that procedure alone was insufficient to evaluate whether the subrecipients used program monies in accordance with the award terms and program requirements. Effect—The Department’s failure to perform all required monitoring increased the risk that the $4.5 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program requirements. If monies are spent inconsistent with program requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Consequently, the Department may be required to return any misspent monies to the federal agency in accordance with federal requirements.1 Cause—The Department did not perform all required monitoring procedures and did not have sufficient policies and procedures. Specifically, the Department did not develop and implement procedures to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Department should monitor until near the end of the grant period in May 2023. Prior to that, the Department had an informal process to identify subrecipients. Also, the Department did not develop and implement procedures to perform subrecipient risk assessments until March 2023 and had not yet resumed other subrecipient monitoring activities during fiscal year 2023, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities starting in fiscal year 2020 due to the COVID-19 pandemic. Additionally, the Department’s written policies and procedures lacked procedures for performing risk assessments; designing monitoring procedures, training, or technical assistance based upon the assessed risk; and verifying that a subrecipient received a single audit if it was expected to meet or exceed the federal expenditure threshold of $750,000 for requiring a single audit. Criteria—Federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the County should monitor (2 Code of Federal Regulation [CFR] §200.331). Additionally, federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. This federal regulation also provides that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §§200.332[b] and [d–f]). Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Update and follow written policies and procedures to: a. Evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Department should monitor. b. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. c. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. d. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf
Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition—The Department of Economic Security (Department) awarded $3.3 million to 11 subrecipients during fiscal year 2023, or 8.3 percent of the Department’s $40.2 million of total federal expenditures for this federal program, but did not perform the required monitoring of the subrecipients’ activities or compliance with the award terms and program requirements. Further, the Department improperly classified $2.4 million of contractor expenditures, or 6 percent of the program’s total federal expenditures, as subrecipient expenditures on the State’s initial schedule of expenditures of federal awards (SEFA). Effect—The Department’s failure to perform required monitoring increased the risk that the $3.3 million of program monies the Department awarded to subrecipients may not have been spent in accordance with the award terms and program or contract requirements. Further, the Department’s not properly reporting contractor versus subrecipient expenditures on the SEFA increased the risk that subrecipients are not properly identified and monitored by the Department. If monies are spent inconsistent with program and contract requirements, those who were intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Further, although the Department corrected the subrecipient misclassification error before the State issued its Single Audit Report, there is an increased risk that the State’s SEFA could contain significant errors and misinform those who are relying on the information. Cause—The Department lacked entity-wide subrecipient-monitoring policies and procedures for its divisions to follow and instead relied on each division administering the program to design and implement its own subrecipient-monitoring procedures. However, of the 2 Department divisions administering the program, 1 was not aware of the subrecipient-monitoring requirements, and the other did not follow its subrecipient-monitoring policies and procedures, as follows: • The Child and Community Services Division (CCSD) personnel responsible for monitoring 5 subrecipients reported that they were not aware of the program’s subrecipient-monitoring requirements because of the program manager being on extended leave, turnover in staff knowledgeable of these requirements, and lack of established policies and procedures over monitoring the program’s subrecipients’ activities. Further, neither the Department nor the CCSD personnel responsible for identifying subrecipients provided guidance to CCSD personnel responsible for subrecipient monitoring. • The CCSD personnel responsible for monitoring 6 subrecipients reported that they did not follow CCSD’s procedures for monitoring the program’s subrecipients’ activities because they were short-staffed and prioritized monitoring other federal and State grants’ subrecipients’ activities. Further, the incorrect determination and reporting of a subrecipient relationship on the initial SEFA resulted from the Department’s entity-wide form used to determine whether other parties receiving program monies had the role of a subrecipient or contractor lacking detailed guidance for determining the characteristics that support a subrecipient versus a contractor relationship. Criteria—Federal regulation requires the Department to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments; reviewing financial and performance reports, verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [d–e]). Further, federal regulation requires the Department to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program’s requirements that the Division should monitor (2 CFR §200.331). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Perform required monitoring of its subrecipients and their compliance with the award terms and program requirements. 2. Properly classify and report subrecipient expenditures on the State’s SEFA. 3. Develop, implement, and train all divisions on entity-wide written subrecipient-monitoring policies and procedures requiring all divisions to: a. Assess the risk of each subrecipient’s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, if required; follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program; and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. 4. Allocate sufficient resources, such as staffing, to comply with the award terms and program requirements, and designate individuals within each division to perform necessary subrecipient-monitoring procedures. 5. Update the form it uses to determine whether other parties receiving program monies have the role of a subrecipient or contractor to include guidance for how to determine each characteristic of a subrecipient and contractor relationship and require a conclusion to be documented. In addition, train staff to properly complete the form and perform supervisory reviews of it. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Assistance Listings number and name: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds (SLFRF) Award number and year: None Federal agency: U.S. Department of the Treasury Questioned costs: $1,903,858 Assistance Listing number and name: 84.425C COVID-19 Education Stabilization Fund – Governor’s Emergency Education Relief (GEER) Fund Award numbers and years: S425C200052, June 2, 2020 through September 30, 2022; S425C210052, January 8, 2021 through September 30, 2023 Federal agency: U.S. Department of Education Questioned costs: Unknown Compliance requirement: Subrecipient monitoring Condition—The Governor’s Office of Strategic Planning and Budgeting (Office) awarded $135.1 million to 334 SLFRF program subrecipients and $10.2 million to 10 GEER program subrecipients during fiscal year 2023, or 88 percent and 98 percent, respectively, of each of the Office’s federal program expenditures, but did not perform all required risk assessments to assess whether its monitoring procedures were sufficient to evaluate whether subrecipients used program monies in accordance with the award terms and program requirements. Specifically, risk assessments were not performed for 37 of 42 SLFRF program subrecipients and 5 of 5 GEER program subrecipients tested. Effect—The Office’s delay in performing required risk assessments did not allow the Office to properly design and prioritize its monitoring efforts, resulting in the Office not timely identifying questioned costs of approximately $1,903,858 for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements.1 The Office identified several of these questioned costs as potentially inappropriate and has forwarded this information to the Attorney General’s Office for further review. As a result, the Office may be required to return these monies to the federal agency in accordance with Uniform Guidance requirements.2 Further, if monies were spent inconsistent with program requirements, those who were intended to benefit from the program may not have received all the services or other benefits they otherwise would have received. Subrecipient program expenditures are not related to the revenue loss expenditure category. Cause—Office management reported that it hired additional staff in fiscal year 2023 to begin addressing issues noted in prior year findings 2022-104 and 2022-10 but had not done so in time to complete required risk assessments for the more than 300 SLFRF program and 10 GEER program subrecipients.3 Criteria—Federal regulation requires the Office to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient’s noncompliance and monitoring activities based on those risk assessments. This federal regulation also provides that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures (2 CFR §200.332[b] and [e]). Further, Office policy requires an annual risk assessment of open, active subawards to determine which subawards will be selected for review and monitoring priority (Grants Management Manual – Grantor, Chapter 8 – Award Monitoring). Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Office should: 1. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its established policies and procedures to assess the risk of each subrecipient’s noncompliance annually and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on site reviews, selective audits, and/or other monitoring procedures. 2. Continue to assess its resources, such as staffing, to perform required risk assessments and monitoring procedures to comply with the award terms and program requirements. 3. Work with the federal agency and the subrecipients to resolve the $1,903,858 of program monies that may have been spent in violation of its federal award terms and that may need to be returned to the federal agency.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-104 (GEER) and 2022-106 (SLFRF) and were initially reported in fiscal years 2021 (GEER) and 2022 (SLFRF). 1 The Office reported during fiscal year 2024 it began performing missing risk assessments for subrecipients awarded monies during fiscal years 2022 and 2023 that were not completed by June 30, 2023, and is currently conducting additional onsite monitoring or desk reviews based on those results. As of the report date, December 17, 2024, the Office identified and reported to us approximately $1,903,858 of expenditures for 3 SLFRF program subrecipients that may not have been spent in accordance with program requirements. Since the Office is still performing monitoring procedures for subaward monies spent during fiscal year 2023, there may be additional questioned costs that the Office has not identified. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 3 Arizona Auditor General. (2023). State of Arizona June 30, 2022, Single Audit Report. Phoenix, AZ. Retrieved 08/13/2024 from https://www.azauditor.gov/sites/default/files/2024-01/StateOfArizonaJune30_2022SingleAudit.pdf