Reference Number: 2022-004 Federal Program Title: HIV Prevention Activities Health Department Based Federal Assistance Listing Number: 93.940 Federal Agency: U.S. Department of Health and Human Services Pass-Through Entity: N/A Federal Award Number and Year: 5 NU62PS924619-02-00, 5 NU62SP924619-03-00, 5 NU62PS924569-04-00, 6 NU62PS924569-05-03; Fiscal Year 2021-22 Name of Department: Department of Public Health Category of Finding: Subrecipient Monitoring Criteria In accordance with Title 2 U.S. Code of Federal Regulations (CFR) ?200.332, all pass-through entities (PTE) must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification: (i.) Subrecipient name (which must match the name associated with its unique entity identifier); (ii.) Subrecipient's unique entity identifier; (iii.) Federal Award Identification Number (FAIN); (iv.) Federal Award Date (see the definition of Federal award date in ? 200.1 of this part) of award to the recipient by the Federal agency; (v.) Subaward Period of Performance Start and End Date; (vi.) Subaward Budget Period Start and End Date; (vii.) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii.) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; (ix.) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (x.) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi.) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii.) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii.) Identification of whether the award is R&D; and (xiv.) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per ? 200.414. Condition During our audit of the HIV Prevention Activities Health Department Based program, we selected nine (9) subrecipients with active contracts with the Department of Public Health (DPH) during FY 2021-22 and noted that one or more of the required elements defined in 2 CFR ?200.332 (a)(1) were not included for one (1) subrecipient. Cause It was an oversight that DPH did not communicate and inform one of its subrecipients about their subaward. Effect Failure to provide all the required subaward information may result in subrecipients incorrectly reporting on federal pass-through awards in their Single Audit reports. Questioned Costs Questioned costs were not determinable. Context For the nine (9) subrecipients selected for testing, which totaled $3,920,284 from a population of fifty-two (52) subrecipients with expenditures totaling $7,279,260, DPH did not communicate all of the required subaward data elements for one (1) subrecipient. The sample was not a statistically valid sample. Recommendation We recommend that for the subrecipient that was not provided the required elements, DPH provide a letter or amended agreement to include all the required elements of 2 CFR ?200.332(a).
See Schedule of Findings and Questioned Costs for chart/table. Condition During our audit, we examined a non statistical sample of three subawards and noted untimely evaluation of the subrecipients? risk of noncompliance for two subawards. Criteria 2 CFR Section 200.332(b) requires a pass-through entity to evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. Effect Without evaluating the subrecipient?s risk of noncompliance and determining the appropriate subrecipient monitoring procedures necessary, the State may not be providing the appropriate level of monitoring over its subrecipients. Cause and View of Responsible Officials Due to resource constraints in Office of Federal Awards Management (OFAM), the program personnel were unable to perform the subrecipients? risk of noncompliance in a timely manner. Recommendation We recommend that program management ensure that program personnel are familiar with all grant requirements, including compliance with 2 CFR Part 200 which requires the reporting of all necessary federal award information to subrecipients and risk assessments of subrecipients. Management should develop procedures that ensure the State?s responsibilities as a pass-through entity are fulfilled, including a formal analysis of each subrecipient?s risk of noncompliance with each of the respective subaward requirements. This evaluation of risk may include consideration of such factors as the following: The subrecipient?s prior experience with the same or similar subawards; The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; Whether the subrecipient has new personnel or new or substantially changed systems; and The extent and results of federal awarding agency monitoring.
See Schedule of Findings and Questioned Costs for chart/table. Condition During our audit, we examined a non statistical sample of two subawards and found no evidence of evaluation of the subrecipients? risk of noncompliance at the time of the subawards. Criteria 2 CFR Section 200.332(b) requires a pass-through entity to evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. Effect Without evaluating the subrecipient?s risk of noncompliance and determining the appropriate subrecipient monitoring procedures necessary, the State may not be providing the appropriate level of monitoring over its subrecipients. Cause and View of Responsible Officials Due to resource constraints in OFAM, the program personnel were unable to perform the subrecipients? risk of noncompliance in a timely manner. Recommendation We recommend that program management ensure that program personnel are familiar with all grant requirements, including compliance with 2 CFR Part 200 which requires the reporting of all necessary federal award information to subrecipients and risk assessments of subrecipients. Management should develop procedures that ensure the State?s responsibilities as a pass-through entity are fulfilled, including a formal analysis of each subrecipient?s risk of noncompliance with each of the respective subaward requirements. This evaluation of risk may include consideration of such factors as the following: The subrecipient?s prior experience with the same or similar subawards; The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; Whether the subrecipient has new personnel or new or substantially changed systems; and The extent and results of federal awarding agency monitoring.
See Schedule of Findings and Questioned Costs for chart/table. Condition During our audit, we examined a non statistical sample of seven subawards and found no evidence of evaluation of the subrecipients? risk of noncompliance at the time of the subaward for one of the subawards tested. Criteria 2 CFR Section 200.332(b) requires a pass-through entity to evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. Effect Without evaluating the subrecipient?s risk of noncompliance and determining the appropriate subrecipient monitoring procedures necessary, the State may not be providing the appropriate level of monitoring over its subrecipients. Cause and View of Responsible Officials Due to resource constraints within OFAM, program personnel were unable to perform the subrecipient?s risk of noncompliance in a timely matter. Recommendation We recommend that program management ensure that program personnel are familiar with all grant requirements, including compliance with 2 CFR Part 200, which requires the reporting of all necessary federal award information to subrecipients and risk assessments of subrecipients. Management should develop procedures that ensure the State department?s responsibilities as a pass-through entity are fulfilled, including a formal analysis of each subrecipient?s risk of noncompliance with each of the respective subaward requirements. This evaluation of risk may include consideration of such factors as the following: The subrecipient?s prior experience with the same or similar subawards; The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; Whether the subrecipient has new personnel or new or substantially changed systems; and The extent and results of federal awarding agency monitoring.
The Warren County Fiscal Court Failed To Implement Adequate Internal Controls Over Subrecipient Monitoring Federal Program: 21.027 COVID-19 - Coronavirus State And Local Fiscal Recovery Funds Award Number and Year: 1505-0271 2021 Name of Federal Agency and Pass-Thru Agency (if applicable): U.S. Department of the Treasury Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness Amount of Questioned Costs: None Opinion Modification (if applicable): Yes, Qualified COVID Related: Yes The Warren County Fiscal Court failed to implement adequate internal controls over subrecipient monitoring. The fiscal court granted a subaward of Coronavirus State And Local Fiscal Recovery Funds to Live the Dream Development, Inc. in the amount of $1,000,000 for an affordable housing project. As a requirement of the subaward, the subrecipient is required to submit quarterly progress and financial reports to the fiscal court. The fiscal court did not receive any quarterly subrecipient progress or financial reports during the 2021-2022 fiscal year. Awards unspent as of December 31, 2024 are required to be returned to the Warren County Fiscal Court. The award of $1,000,000 was paid on February 14, 2022. Subrecipient reports were not submitted by the subrecipient for quarters ending on March 31, 2022 or June 30, 2022. This was caused by an oversight of the fiscal court. The county treasurer was unaware that reports needed to be submitted to the fiscal court even if none of the funds have been spent by the subrecipient. The treasurer was under the assumption that the project had not been started as of June 30, 2022. By not receiving adequate subrecipient monitoring documentation, the fiscal court is unable to document their supervision of the subaward to the agency to ensure requirements for the federal monies are being followed. Additionally, unallowable activities could go unnoticed due to the lack of oversight. In addition, the opinion was modified. 2 CFR 200.332 lists the requirements for pass-through entities. 2 CFR 220.332(d) requires all pass-through entities to ?Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity.? Additionally, 2 CFR 200.501(a) states ?A non-federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part.? This is not a repeat finding from the previous year.
2022 ? 001 Federal Agency: U.S. Department of the Treasury Federal Program Name: Coronavirus Relief Fund Assistance Listing Number: 21.019 Federal Award Identification Number and Year: SLT0198 Pass-Through Agency: County of Los Angeles Pass-Through Number: Unknown Award Period: March 1, 2020 through December 31, 2021 Type of Finding: ? Significant Deficiency in Internal Control over Compliance ? Other Matters Criteria or specific requirement: A pass-through entity (PTE) must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: ? Reviewing financial and programmatic (performance and special reports) required by the PTE. ? Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. ? Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Condition: During our testing, we noted LAHSA did not have adequate internal controls designed to properly monitor its? subrecipients. Questioned costs: Unable to determine. Context: During our testing of subrecipient monitoring, it was noted that LAHSA did not monitor 1 out of 8 subrecipients tested. The subrecipient received $169,035 for the fiscal year ended June 30, 2022. Cause: LAHSA's new subrecipient monitoring process was not implemented until January 2022. At that time, the subrecipients that were not monitored did not have an active contract with federal funding. As such, they were deemed to be low risk. LAHSA does not have a policy in place to ensure that the subrecipient monitoring plan and risk assessment is revisited throughout the year to ensure new contracts are assessed and monitored appropriately. Effect: LAHSA did not perform required monitoring over subrecipients of federal funding. The lack of internal controls over this compliance requirement provides an opportunity for noncompliance by subrecipients of the grant. Repeat Finding: Yes. Recommendation: We recommend LAHSA implements controls to ensure that the subrecipient monitoring plan is revisited at the time contracts are entered into in order to ensure proper coverage. Views of responsible officials: There is no disagreement with the audit finding.
2022-024 Oregon Housing and Community Services Subrecipients need to be monitored to ensure compliance with procurement standards Federal Awarding Agency: U.S. Department of Housing and Urban Development Assistance Listing Number and Name: 14.231 Emergency Solutions Grants Program (COVID-19) Federal Award Numbers and Years: E-20-DW-41-0001, 2020 (COVID-19) Compliance Requirement: Procurement, and Suspension and Debarment Type of Finding: Significant Deficiency; Noncompliance Prior Year Finding: N/A Questioned Costs: N/A Criteria: 2 CFR 200.317 - .327; 2 CFR 200.332(d) Federal regulations state that non-federal entities, including subrecipients, are required to have and use procurement procedures consistent with state and local laws and regulations and that conform to the federal procurement standards identified in 2 CFR 200.317 - .327. Pass-through entities, like the department, are required to monitor subrecipients for compliance with federal regulations and the terms and conditions of the award. Inquiries and testing determined the department?s fiscal monitoring procedures, which normally include review of compliance with procurement standards, were not fully performed during the fiscal year and only 6 of 45 subrecipients were reviewed. As a result, subrecipients could be out of compliance with procurement requirements. We recommend the department ensure subrecipients are monitored for compliance with procurement requirements.
2022-063 Oregon Department of Transportation Consistency needed when providing required federal award information to subrecipients Federal Awarding Agency: U.S. Department of Transportation Assistance Listing Number and Name: 20.205 Highway Planning and Construction Federal Award Numbers and Years: Various Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency, Noncompliance Prior Year Finding: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(a)(1) Federal regulations require pass-through entities to ensure every subaward is clearly identified to the subrecipient as a subaward and includes certain required information. We examined 17 subrecipient awards to ensure the information required under 2 CFR 200.332(a)(1) was communicated at the time of the subaward. Each award examined was missing one or more of the required elements: ? 15 samples did not include the subrecipient?s Unique Entity Identifier or DUNS number; ? 7 samples did not provide the Federal Award Identification Number (FAIN); ? 5 samples did not provide the Federal Award date; and ? 1 sample did not provide the correct assistance listing number. The required award information is necessary for the subrecipient to accurately report the subaward information in its accounting records and on the schedule of expenditure of federal awards. Procedures to communicate award information are not consistently followed across the department and as a result do not ensure that all the required award information is communicated. Specifically, some required information is included in the Federal Project Agreement from the Federal Management Information System (FMIS), but not all managers were aware it needed to be provided. In many cases an exhibit was included with the agreement that could have provided all the required information, but the exhibit was not completed. We recommend the department adopt procedures for preparing subaward agreements that ensure all required information is provided to subrecipients at the time of the subaward.
2022-063 Oregon Department of Transportation Consistency needed when providing required federal award information to subrecipients Federal Awarding Agency: U.S. Department of Transportation Assistance Listing Number and Name: 20.205 Highway Planning and Construction Federal Award Numbers and Years: Various Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency, Noncompliance Prior Year Finding: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(a)(1) Federal regulations require pass-through entities to ensure every subaward is clearly identified to the subrecipient as a subaward and includes certain required information. We examined 17 subrecipient awards to ensure the information required under 2 CFR 200.332(a)(1) was communicated at the time of the subaward. Each award examined was missing one or more of the required elements: ? 15 samples did not include the subrecipient?s Unique Entity Identifier or DUNS number; ? 7 samples did not provide the Federal Award Identification Number (FAIN); ? 5 samples did not provide the Federal Award date; and ? 1 sample did not provide the correct assistance listing number. The required award information is necessary for the subrecipient to accurately report the subaward information in its accounting records and on the schedule of expenditure of federal awards. Procedures to communicate award information are not consistently followed across the department and as a result do not ensure that all the required award information is communicated. Specifically, some required information is included in the Federal Project Agreement from the Federal Management Information System (FMIS), but not all managers were aware it needed to be provided. In many cases an exhibit was included with the agreement that could have provided all the required information, but the exhibit was not completed. We recommend the department adopt procedures for preparing subaward agreements that ensure all required information is provided to subrecipients at the time of the subaward.
2022-025 Oregon Housing and Community Services Perform fiscal monitoring for subrecipients administrative expenditures to ensure compliance Federal Awarding Agency: U.S. Department of the Treasury Assistance Listing Number and Name: 21.023 Emergency Rental Assistance Program (COVID-19) Federal Award Numbers and Years: ERA 1, 2021 (COVID-19) Compliance Requirement: Activities Allowed or Unallowed; Allowable Costs/Cost Principles Type of Finding: Material Weakness; Material Noncompliance Prior Year Finding: N/A Questioned Costs: $121,463 (known) (COVID-19) Criteria: 2 CFR 200.332(a)(5) and (d) Department management is responsible for monitoring the activities of subrecipients to ensure subawards are used for authorized purposes and in compliance with federal requirements. Additionally, department management is responsible for communicating to subrecipients that they are required to permit the department and auditors access to their records as necessary to ensure the department is in compliance with program requirements. The department passed through program funds to community action agencies (subrecipients) to provide program delivery, including administrative costs. The department performed fiscal monitoring for only five of their 18 subrecipients during the audit period due to staff turnover. Fiscal monitoring includes procedures to address compliance with activities allowed and allowable cost requirements for administrative costs. Due to the limited fiscal monitoring performed, auditors performed additional procedures at the subrecipient level to determine whether the department was compliant with program requirements. We tested a total of 82 transactions, 70 randomly selected and 12 judgmentally selected from the 13 subrecipients that did not receive subrecipient monitoring during the fiscal year. We noted the following: ? One subrecipient did not respond to audit requests for documentation, resulting in an inability to test four transactions totaling $4,114. ? One subrecipient did not provide sufficiently detailed documentation to determine whether 7 transactions were for accurate amounts totaling $117,349. Of those seven transactions, we were unable to determine whether two transactions were for allowable activities or appropriately categorized as administrative expenditures. Without adequate monitoring of subrecipients, the department?s ability to ensure compliance with program requirements is diminished. We recommend department management perform fiscal monitoring to ensure subrecipients are expending administrative funds in accordance with program requirements.
2022-026 Oregon Housing and Community Services Department Implement program monitoring over client assistance payments to ensure compliance Federal Awarding Agency: U.S. Department of the Treasury Assistance Listing Number and Name: 21.023 Emergency Rental Assistance Program (COVID-19) Federal Award Numbers and Years: ERA 1, 2021; ERA 2, 2021 (COVID-19) Compliance Requirement: Activities Allowed or Unallowed; Eligibility Type of Finding: Material Weakness; Material Noncompliance Prior Year Finding: N/A Questioned Costs: $21,624 (known); $11,067,350 (likely) (COVID-19) Criteria: 2 CFR 200.332(d); 2 CFR 200.501(g) Department management is responsible for monitoring the activities of subrecipients to ensure subawards are used for authorized purposes and are compliant with federal requirements. Additionally, department management is responsible for ensuring compliance when a contractor is responsible for program compliance or the contractor?s records must be reviewed to determine program compliance. The department provided $140 million and $46 million of phase one program funds to community action agencies (subrecipients) and a third-party vendor (contractor) to provide program delivery, respectively; and $132 million phase two program funds to only the contractor. Program delivery included determining client eligibility and making payments for direct client assistance for rent, utilities, internet, and other housing related costs. During implementation of the program, the department provided program manuals to the subrecipients and contractor. Due to the department?s limited staff, they focused on updating policies and procedures to address systemic issues identified; however, if a particularly challenging application required the department?s review, they were available to provide direct assistance. The department did not implement any predefined, systemic program monitoring of the subrecipients or contractor to ensure direct client assistance payments were paid to only eligible clients for only allowable and supported amounts. Therefore, auditors performed additional procedures at the subrecipient and contractor level to determine whether direct client assistance payments were paid to eligible clients for allowable activities. We tested a total of 62 randomly selected direct client assistance payments at 16 subrecipients totaling $183,515, and found the following: ? One subrecipient did not respond to audit requests for documentation, resulting in an inability to test one transaction in the amount of $360. ? One subrecipient did not obtain documentation to support that there was a lease agreement in place, resulting in questioned costs of $5,775. When extrapolated to the total population, these errors result in over $2.3 million in likely questioned costs. We tested 61 randomly selected contractor direct client assistance payments totaling $374,274, and found the following: ? One payment where an incorrect landlord was paid in the amount of $2,700. Attempts to recover the funds have been unsuccessful as of the date of the finding. ? Two payments where the rental amount was doubled, resulting in overpayments totaling $5,910. ? Seven payments where amounts already paid were not accurately reflected in the calculation of assistance provided, resulting in overpayments totaling $4,191. ? Three payments where amounts did not agree to supporting documentation, resulting in overpayments of $2,181. ? Three payments where there was insufficient documentation for amounts paid, resulting in overpayments of $432. ? One payment where costs were paid for the same household on alternate applications, resulting in an overpayment of $73. When extrapolated to the total population, these errors result in over $8.7 million in likely questioned costs. We recommend department management implement predefined, systemic program monitoring to ensure the subrecipients and contractor are administering program funds in accordance with program requirements.
2022-029 Oregon Housing and Community Services Ensure accessible documentation to evidence compliance with program requirements Federal Awarding Agency: U.S. Department of the Treasury Assistance Listing Number and Name: 21.023 Emergency Rental Assistance Program (COVID-19) Federal Award Numbers and Years: ERA 1, 2021 (COVID-19) Compliance Requirement: Activities Allowed or Unallowed; Allowable Costs/Cost Principles; Eligibility Type of Finding: Material Weakness Prior Year Finding: N/A Questioned Costs: N/A Criteria: 2 CFR 200.302(a); 2 CFR 200.332(a)(5) Department management is responsible for communicating to subrecipients that they are required to permit the department and auditors access to their records as necessary to ensure the department is compliant with program requirements. To ensure compliance with program requirements, subrecipient records must also be sufficiently detailed. The department passed through $140 million phase one program funds to community action agencies (subrecipients) to provide program delivery. The department performed limited fiscal monitoring during the audit period which included procedures to address compliance with activities allowed and allowable cost requirements for administrative costs. The department did not perform any program monitoring during the audit period which primarily addresses compliance with eligibility requirements. To determine whether the department complied with program requirements for the fiscal year, auditors attempted to reconcile detailed subrecipient ledgers with the intent of selecting and testing sample items at each individual subrecipient organization. We noted issues with two individual subrecipients, resulting in an inability to perform testing procedures over a total of $21,438,521 in program expenditures. For the first subrecipient we were able to reconcile their detailed ledgers to the department?s financial records, however their detailed ledger included pass-through payments to a third organization for program delivery. As a result of the combination of direct and pass-through payments, we were unable to obtain sufficiently detailed data that also reconciled to the department?s financial records to select individual transactions for testing. This subrecipient represents $19,877,962 of the unaudited expenditures. For the second subrecipient we were able to reconcile their detailed ledgers to the department?s financial records and select administrative and program transactions for testing. However, the subrecipient was unresponsive to documentation requests to substantiate expenditures. This subrecipient accounted for $1,560,559 of the unaudited expenditures. We recommend department management obtain and reconcile sufficiently detailed subrecipient ledgers and support to substantiate expenditures to allow for fiscal and program monitoring to ensure subrecipients are administering program funds in accordance with program requirements.
2022-066 Oregon Department of Education Improve subrecipient monitoring procedures Federal Awarding Agency: U.S. Department of Education Assistance Listing Number and Name: 84.425C, 84.425D, 84.425U & 84.425W Education Stabilization Fund (COVID-19) Federal Award Numbers and Years: S425C200048; 2020 (COVID-19), S425D200049; 2020 (COVID-19), S425C210048; 2021 (COVID-19), S425D210049; 2021 (COVID-19), S425U210049; 2021 (COVID-19), S425W210038; 2021 (COVID-19) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Finding: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332 Federal regulations require the department to evaluate each subrecipients risk of noncompliance with Federal statues, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate monitoring to perform. In addition, the department should monitor the activities of the subrecipients receiving funds to ensure the subaward is used for authorized purposes, is in compliance with Federal statutes, regulations, and the terms and condition of the subaward; and the subaward performance goals are achieved. Depending on the department risk assessment, which was not performed, the department could perform various monitoring tools to ensure accountability and compliance. As of June 30, 2022, the department was still in the process of drafting and implementing a plan to monitor the funds. The department had not completed a risk assessment process of the local educational agencies (LEA) for these funds and stated it planned to begin some desk or on-site monitoring in Spring 2023. $522 million in funds have been passed through to subrecipients as of June 30, 2022. The department required LEA?s to submit applications to receive funds and sign agreements that outlined all federal requirements. In addition, the department also required the LEA?s to complete a reimbursement request form that contains general ledger detail but no additional support is provided. According to the department, it follows-up with a LEA if funds appear to be ineligible or other questions are raised. Finally, although LEAs programs may have had a single audit the department could not provide a list of which LEAs had audits and whether there were findings or not. In fiscal year 2021, the department was also working to finalize its risk assessment and monitoring plans. However, the department experienced staff turnover which delayed its plans. Insufficient subrecipient monitoring increases the risk of not timely identifying subrecipients that are not administering federal awards in compliance with federal requirements. We recommend department management complete its risk assessment, consider the results of LEAs single audits and perform desk or on-site monitoring as necessary.
2022-066 Oregon Department of Education Improve subrecipient monitoring procedures Federal Awarding Agency: U.S. Department of Education Assistance Listing Number and Name: 84.425C, 84.425D, 84.425U & 84.425W Education Stabilization Fund (COVID-19) Federal Award Numbers and Years: S425C200048; 2020 (COVID-19), S425D200049; 2020 (COVID-19), S425C210048; 2021 (COVID-19), S425D210049; 2021 (COVID-19), S425U210049; 2021 (COVID-19), S425W210038; 2021 (COVID-19) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Finding: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332 Federal regulations require the department to evaluate each subrecipients risk of noncompliance with Federal statues, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate monitoring to perform. In addition, the department should monitor the activities of the subrecipients receiving funds to ensure the subaward is used for authorized purposes, is in compliance with Federal statutes, regulations, and the terms and condition of the subaward; and the subaward performance goals are achieved. Depending on the department risk assessment, which was not performed, the department could perform various monitoring tools to ensure accountability and compliance. As of June 30, 2022, the department was still in the process of drafting and implementing a plan to monitor the funds. The department had not completed a risk assessment process of the local educational agencies (LEA) for these funds and stated it planned to begin some desk or on-site monitoring in Spring 2023. $522 million in funds have been passed through to subrecipients as of June 30, 2022. The department required LEA?s to submit applications to receive funds and sign agreements that outlined all federal requirements. In addition, the department also required the LEA?s to complete a reimbursement request form that contains general ledger detail but no additional support is provided. According to the department, it follows-up with a LEA if funds appear to be ineligible or other questions are raised. Finally, although LEAs programs may have had a single audit the department could not provide a list of which LEAs had audits and whether there were findings or not. In fiscal year 2021, the department was also working to finalize its risk assessment and monitoring plans. However, the department experienced staff turnover which delayed its plans. Insufficient subrecipient monitoring increases the risk of not timely identifying subrecipients that are not administering federal awards in compliance with federal requirements. We recommend department management complete its risk assessment, consider the results of LEAs single audits and perform desk or on-site monitoring as necessary.
2022-066 Oregon Department of Education Improve subrecipient monitoring procedures Federal Awarding Agency: U.S. Department of Education Assistance Listing Number and Name: 84.425C, 84.425D, 84.425U & 84.425W Education Stabilization Fund (COVID-19) Federal Award Numbers and Years: S425C200048; 2020 (COVID-19), S425D200049; 2020 (COVID-19), S425C210048; 2021 (COVID-19), S425D210049; 2021 (COVID-19), S425U210049; 2021 (COVID-19), S425W210038; 2021 (COVID-19) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Finding: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332 Federal regulations require the department to evaluate each subrecipients risk of noncompliance with Federal statues, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate monitoring to perform. In addition, the department should monitor the activities of the subrecipients receiving funds to ensure the subaward is used for authorized purposes, is in compliance with Federal statutes, regulations, and the terms and condition of the subaward; and the subaward performance goals are achieved. Depending on the department risk assessment, which was not performed, the department could perform various monitoring tools to ensure accountability and compliance. As of June 30, 2022, the department was still in the process of drafting and implementing a plan to monitor the funds. The department had not completed a risk assessment process of the local educational agencies (LEA) for these funds and stated it planned to begin some desk or on-site monitoring in Spring 2023. $522 million in funds have been passed through to subrecipients as of June 30, 2022. The department required LEA?s to submit applications to receive funds and sign agreements that outlined all federal requirements. In addition, the department also required the LEA?s to complete a reimbursement request form that contains general ledger detail but no additional support is provided. According to the department, it follows-up with a LEA if funds appear to be ineligible or other questions are raised. Finally, although LEAs programs may have had a single audit the department could not provide a list of which LEAs had audits and whether there were findings or not. In fiscal year 2021, the department was also working to finalize its risk assessment and monitoring plans. However, the department experienced staff turnover which delayed its plans. Insufficient subrecipient monitoring increases the risk of not timely identifying subrecipients that are not administering federal awards in compliance with federal requirements. We recommend department management complete its risk assessment, consider the results of LEAs single audits and perform desk or on-site monitoring as necessary.
2022-066 Oregon Department of Education Improve subrecipient monitoring procedures Federal Awarding Agency: U.S. Department of Education Assistance Listing Number and Name: 84.425C, 84.425D, 84.425U & 84.425W Education Stabilization Fund (COVID-19) Federal Award Numbers and Years: S425C200048; 2020 (COVID-19), S425D200049; 2020 (COVID-19), S425C210048; 2021 (COVID-19), S425D210049; 2021 (COVID-19), S425U210049; 2021 (COVID-19), S425W210038; 2021 (COVID-19) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Finding: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332 Federal regulations require the department to evaluate each subrecipients risk of noncompliance with Federal statues, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate monitoring to perform. In addition, the department should monitor the activities of the subrecipients receiving funds to ensure the subaward is used for authorized purposes, is in compliance with Federal statutes, regulations, and the terms and condition of the subaward; and the subaward performance goals are achieved. Depending on the department risk assessment, which was not performed, the department could perform various monitoring tools to ensure accountability and compliance. As of June 30, 2022, the department was still in the process of drafting and implementing a plan to monitor the funds. The department had not completed a risk assessment process of the local educational agencies (LEA) for these funds and stated it planned to begin some desk or on-site monitoring in Spring 2023. $522 million in funds have been passed through to subrecipients as of June 30, 2022. The department required LEA?s to submit applications to receive funds and sign agreements that outlined all federal requirements. In addition, the department also required the LEA?s to complete a reimbursement request form that contains general ledger detail but no additional support is provided. According to the department, it follows-up with a LEA if funds appear to be ineligible or other questions are raised. Finally, although LEAs programs may have had a single audit the department could not provide a list of which LEAs had audits and whether there were findings or not. In fiscal year 2021, the department was also working to finalize its risk assessment and monitoring plans. However, the department experienced staff turnover which delayed its plans. Insufficient subrecipient monitoring increases the risk of not timely identifying subrecipients that are not administering federal awards in compliance with federal requirements. We recommend department management complete its risk assessment, consider the results of LEAs single audits and perform desk or on-site monitoring as necessary.
2022?043 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Homeland Security Disaster Grants ? Public Assistance (Presidentially Declared Disasters) 97.036/ COVID-19 97.036 Grant Award FEMA?4219-DR?WV Grant Award FEMA?4220-DR?WV Grant Award FEMA?4273-DR?WV Grant Award FEMA?4331-DR?WV Grant Award FEMA?4359-DR?WV Grant Award FEMA?4378-DR?WV Grant Award FEMA?4455-DR?WV Grant Award FEMA?4517-DR?WV Grant Award FEMA?4603-DR?WV Grant Award FEMA?4605-DR?WVCriteria: 2 CFR 200.303 requires that the West Virginia Division of Emergency Management (DEM) must ?(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the comptroller General of the United States and the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(b) requires that all pass-through entities must: (b) Evaluate each subrecipient?s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient?s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). Condition: We noted that the DEM did not perform a subrecipient risk assessment. Therefore, DEM was unable to provide documentation supporting that the level of monitoring to be completed for each subrecipient was appropriate based on the risk assessment. DEM only monitored two subrecipients during the year due to limited staffing and no risk assessment being performed. Questioned Costs: Unknown Context: Total federal expenditures and total subrecipient expenditures for the Disaster Grants ? Public Assistance (Presidentially Declared Disasters) program were $96,563,597 and $63,845,975, respectively, for the year ended June 30, 2022. Cause: Although DEM has policies and procedures in place surrounding the subrecipient monitoring compliance requirements, due to staffing issues during the fiscal year, subrecipient risk assessments were not completed and an adequate number of subrecipients were not monitored. Effect: DEM does not have proper internal controls in place to ensure policies and procedures surrounding the subrecipient monitoring compliance requirements are in effect. DEM does not have evidence to support appropriate subrecipient monitoring; therefore, management may not be able to identify issues in a timely manner. Recommendation: We recommend that DEM review policies and procedures for sufficiency and commit the appropriate personnel to subrecipient monitoring to ensure they are in compliance with federal requirements. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2022?043 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Homeland Security Disaster Grants ? Public Assistance (Presidentially Declared Disasters) 97.036/ COVID-19 97.036 Grant Award FEMA?4219-DR?WV Grant Award FEMA?4220-DR?WV Grant Award FEMA?4273-DR?WV Grant Award FEMA?4331-DR?WV Grant Award FEMA?4359-DR?WV Grant Award FEMA?4378-DR?WV Grant Award FEMA?4455-DR?WV Grant Award FEMA?4517-DR?WV Grant Award FEMA?4603-DR?WV Grant Award FEMA?4605-DR?WVCriteria: 2 CFR 200.303 requires that the West Virginia Division of Emergency Management (DEM) must ?(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the comptroller General of the United States and the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(b) requires that all pass-through entities must: (b) Evaluate each subrecipient?s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient?s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). Condition: We noted that the DEM did not perform a subrecipient risk assessment. Therefore, DEM was unable to provide documentation supporting that the level of monitoring to be completed for each subrecipient was appropriate based on the risk assessment. DEM only monitored two subrecipients during the year due to limited staffing and no risk assessment being performed. Questioned Costs: Unknown Context: Total federal expenditures and total subrecipient expenditures for the Disaster Grants ? Public Assistance (Presidentially Declared Disasters) program were $96,563,597 and $63,845,975, respectively, for the year ended June 30, 2022. Cause: Although DEM has policies and procedures in place surrounding the subrecipient monitoring compliance requirements, due to staffing issues during the fiscal year, subrecipient risk assessments were not completed and an adequate number of subrecipients were not monitored. Effect: DEM does not have proper internal controls in place to ensure policies and procedures surrounding the subrecipient monitoring compliance requirements are in effect. DEM does not have evidence to support appropriate subrecipient monitoring; therefore, management may not be able to identify issues in a timely manner. Recommendation: We recommend that DEM review policies and procedures for sufficiency and commit the appropriate personnel to subrecipient monitoring to ensure they are in compliance with federal requirements. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) requires that pass-through entities clearly identify to each subrecipient significant Federal subaward information, including identifying award numbers, subaward period dates and budget dates, Federal Assistance Listings number and Title, and appropriate terms and conditions concerning closeout of the subaward. Typically this requirement is satisfied by utilizing a subrecipient contract, reflecting all necessary information, and requiring execution showing acknowledgement of the terms by both parties. 2 CFR section 200.332(b) requires that pass-through entities evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. The evaluation of this risk should include the subrecipient?s prior experience with the same or similar subawards, the results of previous subrecipient audits, whether the subrecipient has new personnel or substantially changed systems, and the extent and results of federal awarding agency monitoring if the subrecipient also receives federal awards directly. 2 CFR section 200.331(f) requires that pass-through entities verify that subrecipients expected to be audited are taking timely and appropriate action on deficiencies detected through audits. Condition: Internal controls should be in place to ensure the City is in compliance with all requirements of the federal award program. For the fiscal year ended June 30, 2022, the following conditions existed: ? A risk assessment, required by 2 CFR section 200.332(b), was not performed on the City?s subrecipient of grant funds. ? The City did not verify whether the subrecipient of the grant funds was required to be audited, as required by 2 CFR section 200.331(f). ? The agreement between the City and its subrecipient did not include a description of the program?s compliance requirements, as required by 2 CFR section 200.331(a), including the specific requirements for the subrecipient?s periodic reporting to the City. Context/Cause: The City did not have adequate internal controls to ensure compliance with subrecipient monitoring requirements. Testing was performed over each requirement for the City, who had a single subrecipient for the fiscal year ended June 30, 2022. Effect: Noncompliance at the subrecipient level may occur due to the subrecipient not being aware of all of the grant?s requirements. Without a risk assessment being performed on the City?s subrecipient for its grant funds, the City will not be aware of problems with staffing or information systems of the subrecipient. Additionally, the City will be unable to effectively monitor the subrecipient if the City is unaware of whether the subrecipient is required to be audited. Recommendation: We recommend the City enhances internal controls to ensure compliance with subrecipient monitoring requirements. Auditee?s Response: We concur with the finding. We will take the necessary steps to ensure that subrecipient agreements include a communication of the federal requirements and that the City performs a risk assessment on subrecipients of federal funding.
Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) requires that pass-through entities clearly identify to each subrecipient significant Federal subaward information, including identifying award numbers, subaward period dates and budget dates, Federal Assistance Listings number and Title, and appropriate terms and conditions concerning closeout of the subaward. Typically this requirement is satisfied by utilizing a subrecipient contract, reflecting all necessary information, and requiring execution showing acknowledgement of the terms by both parties. 2 CFR section 200.332(b) requires that pass-through entities evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. The evaluation of this risk should include the subrecipient?s prior experience with the same or similar subawards, the results of previous subrecipient audits, whether the subrecipient has new personnel or substantially changed systems, and the extent and results of federal awarding agency monitoring if the subrecipient also receives federal awards directly. 2 CFR section 200.331(f) requires that pass-through entities verify that subrecipients expected to be audited are taking timely and appropriate action on deficiencies detected through audits. Condition: Internal controls should be in place to ensure the City is in compliance with all requirements of the federal award program. For the fiscal year ended June 30, 2022, the following conditions existed: ? A risk assessment, required by 2 CFR section 200.332(b), was not performed on the City?s subrecipient of grant funds. ? The City did not verify whether the subrecipient of the grant funds was required to be audited, as required by 2 CFR section 200.331(f). ? The agreement between the City and its subrecipient did not include a description of the program?s compliance requirements, as required by 2 CFR section 200.331(a), including the specific requirements for the subrecipient?s periodic reporting to the City. Context/Cause: The City did not have adequate internal controls to ensure compliance with subrecipient monitoring requirements. Testing was performed over each requirement for the City, who had a single subrecipient for the fiscal year ended June 30, 2022. Effect: Noncompliance at the subrecipient level may occur due to the subrecipient not being aware of all of the grant?s requirements. Without a risk assessment being performed on the City?s subrecipient for its grant funds, the City will not be aware of problems with staffing or information systems of the subrecipient. Additionally, the City will be unable to effectively monitor the subrecipient if the City is unaware of whether the subrecipient is required to be audited. Recommendation: We recommend the City enhances internal controls to ensure compliance with subrecipient monitoring requirements. Auditee?s Response: We concur with the finding. We will take the necessary steps to ensure that subrecipient agreements include a communication of the federal requirements and that the City performs a risk assessment on subrecipients of federal funding.
Condition During our audit, we examined a non-statistical sample of six subawards and found that the most recent Single Audit reports for the three subrecipients required to obtain Single Audits were not reviewed by program personnel. Criteria Per 2 CFR Section 200.332(d), a pass-through entity is required to monitor the activities of the subrecipient as necessary to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. Monitoring must include a review of financial performance reports, following up with the subrecipient to ensure timely and appropriate action on all deficiencies, issuing management decision for applicable audit findings, resolving audit findings, and verifying that each subrecipient is audited as required by 2 CFR 200, Subpart F. Effect Failure to review the subrecipients? Single Audit reports may result in failure by the subrecipient to take timely and appropriate action to resolve deficiencies detected through the audit. Cause and View of Responsible Officials The Highway Safety Division did not have the capacity to perform the review of applicable subrecipients? Single Audit reports due to significant personnel changes throughout the year. Program personnel plan to assign the review of the Single Audit Reports to specific personnel so that the necessary procedures are performed in a timely manner going forward. Recommendation All personnel involved in the administration of a program for which federal funds are expended should receive adequate training about federal compliance requirements related to such program. In addition, an individual should be assigned the responsibility to monitor compliance with all related federal requirements for programs involving the expenditure of federal funds. Finally, the Highways Division should make a conscious effort to meet the compliance requirement as the Single Audit Reports become available for review through the Federal Audit Clearinghouse.
Condition During our audit, we examined a non-statistical sample of six subawards and found that the most recent Single Audit reports for the three subrecipients required to obtain Single Audits were not reviewed by program personnel. Criteria Per 2 CFR Section 200.332(d), a pass-through entity is required to monitor the activities of the subrecipient as necessary to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. Monitoring must include a review of financial performance reports, following up with the subrecipient to ensure timely and appropriate action on all deficiencies, issuing management decision for applicable audit findings, resolving audit findings, and verifying that each subrecipient is audited as required by 2 CFR 200, Subpart F. Effect Failure to review the subrecipients? Single Audit reports may result in failure by the subrecipient to take timely and appropriate action to resolve deficiencies detected through the audit. Cause and View of Responsible Officials The Highway Safety Division did not have the capacity to perform the review of applicable subrecipients? Single Audit reports due to significant personnel changes throughout the year. Program personnel plan to assign the review of the Single Audit Reports to specific personnel so that the necessary procedures are performed in a timely manner going forward. Recommendation All personnel involved in the administration of a program for which federal funds are expended should receive adequate training about federal compliance requirements related to such program. In addition, an individual should be assigned the responsibility to monitor compliance with all related federal requirements for programs involving the expenditure of federal funds. Finally, the Highways Division should make a conscious effort to meet the compliance requirement as the Single Audit Reports become available for review through the Federal Audit Clearinghouse.
See Schedule of Findings and Questioned Costs for chart/table. Condition During our audit, we examined a non statistical sample of two subawards and found no evidence that evaluations of the subrecipients? risk of noncompliance and applicable federal award information was communicated to the subrecipients at the time of the subawards. Criteria 2 CFR Section 200.332(a) requires subawards to clearly identify information, such as the FAIN, identification of whether the award is R&D, period of performance, and indirect cost. 2 CFR Section 200.332(b) requires a pass-through entity to evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related the subaward. Effect By not including the required information in the subaward, subrecipients may have trouble complying with federal grant requirements. Furthermore, without evaluating the subrecipient?s risk of noncompliance and determining appropriate subrecipient monitoring procedures necessary, the State may not be providing the appropriate level of monitoring over its subrecipients. Cause and View of Responsible Officials Program personnel improperly determined first-tier subrecipients resulting in applicable federal award information not being communicated in the subawards and not assessing the subrecipients? risk of noncompliance not being performed. Recommendation We recommend that program management ensure that program personnel are familiar with all grant requirements, including compliance with 2 CFR Part 200 which requires the reporting of all necessary federal award information to subrecipients and risk assessments of subrecipients. Management should develop procedures that ensure the State?s responsibilities as a pass-through entity are fulfilled, including providing subrecipients all applicable federal award information and performing a formal analysis of each subrecipient?s risk of noncompliance with each of the respective subaward requirements. The risk evaluation may include consideration of the following factors: The subrecipient?s prior experience with the same or similar subawards; The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; Whether the subrecipient has new personnel or new or substantially changed systems; and The extent and results of federal awarding agency monitoring.
See Schedule of Findings and Questioned Costs for chart/table. Condition During our audit, we examined a non statistical sample of six subawards and found no evidence of evaluation of any of the subrecipients? risk of noncompliance at the time of the subaward. Furthermore, the most recent Single Audit report for one of the subrecipients selected for testing was not reviewed by program personnel for any potential findings. Criteria Per 2 CFR Section 200.332(b), a pass-through entity is required to evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring procedures related to the subaward. Per 2 CFR Section 200.332(d), a pass-through entity is required to monitor the activities of the subrecipient as necessary to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. Monitoring must include a review of financial performance reports, following up with the subrecipient to ensure timely and appropriate action on all deficiencies, issuing management decision for applicable audit findings, resolving audit findings, and verifying that each subrecipient is audited as required by 2 CFR 200, Subpart F. Effect Without evaluating the subrecipient?s risk of noncompliance and determining the appropriate subrecipient monitoring procedures necessary, the State may not be providing the appropriate level of monitoring over its subrecipients. Cause and View of Responsible Officials Due to changes in personnel responsibilities, there was miscommunication between the parties responsible for evaluating the risk of noncompliance. Furthermore, the Single Audit report for one of the subrecipients was not reviewed due to oversight as the program personnel was unaware that the subrecipient is separately audited. Recommendation We recommend that program management ensure that program personnel are familiar with all grant requirements, including compliance with 2 CFR Part 200 which requires the reporting of all necessary federal award information to subrecipients and risk assessments of subrecipients. Management should develop procedures that ensure the State department?s responsibilities as a pass-through entity are fulfilled, including a formal analysis of each subrecipient?s risk of noncompliance with each of the respective subaward requirements. This evaluation of risk may include consideration of such factors as the following: The subrecipient?s prior experience with the same or similar subawards; The results of previous audits including whether or not the subrecipient receives a single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward was audited as a major program; Whether the subrecipient has new personnel or new or substantially changed systems; and The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency).
2022-032 Oregon Housing and Community Services Ensure subrecipient risk assessments and fiscal monitoring are performed and required grant information is communicated timely to subrecipients Federal Awarding Agency: U.S. Department of Health and Human Services Assistance Listing Number and Name: 93.568 Low-Income Home Energy Assistance Program, 93.568 Low-Income Home Energy Assistance Program (COVID-19) Federal Award Numbers and Years: 2001ORE5C3, 2020 (COVID-19); 2102ORLIEA, 2021; 2102ORE5C6 , 2021 (COVID-19); 2202ORLIEA, 2022 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness; Material Noncompliance Prior Year Finding: N/A Questioned Costs: N/A Criteria: 2 CFR ? 200.332(a) ? (h) Federal regulations require that pass-through entities evaluate each subrecipient?s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward to determine the extent and scope of subrecipient monitoring activities. Monitoring activities should be based on the results of a given subrecipient?s determined risk. Pass-through entities must also communicate certain award information to subrecipients as the time of the subaward. The department, as the pass-through entity, has long-established subrecipient monitoring procedures broken into two categories: program and fiscal monitoring. Program monitoring is performed by program-specific staff and focuses on requirements related to certain aspects of Activities Allowed and Client Eligibility. During FY2022, the department performed program monitoring activities as planned. Fiscal monitoring reviews compliance requirements related to Allowable Costs, Activities Allowed, and Earmarking. However, fiscal monitoring activities were limited due to staff turnover. As a result, limited fiscal monitoring procedures were performed for 5 of 17 subrecipients, and fiscal monitoring risk assessments were not performed for any of the 17 subrecipients. Without the performance of subrecipient risk assessments and adequate fiscal monitoring, the department risks distributing program funds to subrecipients out of compliance with federal program requirements. Additionally, we reviewed 5 randomly selected subrecipients to determine whether all required grant award information was communicated at the time of the subaward. For all of the 5 subrecipients reviewed, only some of the required information was communicated at the time of the award. The required information missing in the original grant agreements was communicated via agreement amendments several months later. Without timely communication of required grant information, subrecipients may not have all the information they need for the subaward they received. We recommend department management ensure subrecipient risk assessments are performed for all subrecipients and ensure required fiscal monitoring activities are performed based on the results of the risk assessments. We also recommend department management ensure all required award information is communicated to subrecipients at the time of the subawards.
2022-032 Oregon Housing and Community Services Ensure subrecipient risk assessments and fiscal monitoring are performed and required grant information is communicated timely to subrecipients Federal Awarding Agency: U.S. Department of Health and Human Services Assistance Listing Number and Name: 93.568 Low-Income Home Energy Assistance Program, 93.568 Low-Income Home Energy Assistance Program (COVID-19) Federal Award Numbers and Years: 2001ORE5C3, 2020 (COVID-19); 2102ORLIEA, 2021; 2102ORE5C6 , 2021 (COVID-19); 2202ORLIEA, 2022 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness; Material Noncompliance Prior Year Finding: N/A Questioned Costs: N/A Criteria: 2 CFR ? 200.332(a) ? (h) Federal regulations require that pass-through entities evaluate each subrecipient?s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward to determine the extent and scope of subrecipient monitoring activities. Monitoring activities should be based on the results of a given subrecipient?s determined risk. Pass-through entities must also communicate certain award information to subrecipients as the time of the subaward. The department, as the pass-through entity, has long-established subrecipient monitoring procedures broken into two categories: program and fiscal monitoring. Program monitoring is performed by program-specific staff and focuses on requirements related to certain aspects of Activities Allowed and Client Eligibility. During FY2022, the department performed program monitoring activities as planned. Fiscal monitoring reviews compliance requirements related to Allowable Costs, Activities Allowed, and Earmarking. However, fiscal monitoring activities were limited due to staff turnover. As a result, limited fiscal monitoring procedures were performed for 5 of 17 subrecipients, and fiscal monitoring risk assessments were not performed for any of the 17 subrecipients. Without the performance of subrecipient risk assessments and adequate fiscal monitoring, the department risks distributing program funds to subrecipients out of compliance with federal program requirements. Additionally, we reviewed 5 randomly selected subrecipients to determine whether all required grant award information was communicated at the time of the subaward. For all of the 5 subrecipients reviewed, only some of the required information was communicated at the time of the award. The required information missing in the original grant agreements was communicated via agreement amendments several months later. Without timely communication of required grant information, subrecipients may not have all the information they need for the subaward they received. We recommend department management ensure subrecipient risk assessments are performed for all subrecipients and ensure required fiscal monitoring activities are performed based on the results of the risk assessments. We also recommend department management ensure all required award information is communicated to subrecipients at the time of the subawards.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
2022 ? 007 (Previously 2021-003) Subrecipient Monitoring (Significant Deficiency and Noncompliance) Federal Agency: U.S. Department of Treasury Federal Program Name: Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Federal Award Identification Number and Year: Pub. L. No. 117-2-2021 Award Period: 5/10/2021 - 12/31/2026 Type of Finding: ? Significant Deficiency in Internal Control over Compliance, Other Matters Criteria or specific requirement: According to ? 200.303 Internal controls of 2 CFR Part 200, the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. According to ? 200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must: ? Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. ? Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. ? Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501. ? Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. According to the City's subrecipient monitoring policies and procedures, monitoring of subrecipients shall be conducted as often as may be required at the discretion of the Community Development Division or at least once per program year. An annual Risk Assessment will be completed to determine a ranking for the activity. The Risk Assessment ranking score will determine whether a monitoring review will occur. Condition: During our testing, it was noted that the City did not follow federal subrecipient monitoring and management regulation nor its subrecipient monitoring policies and procedures. Questioned costs: None 2022 ? 007 (Previously 2021-003) Subrecipient Monitoring (Significant Deficiency and Noncompliance) (Continued) Context: During our testing, we noted the following exceptions: ? For 2 of 4 subrecipients, the City did not utilize the risk assessment tool specific to ARPA which does have a different risk assessment ranking score determining the monitoring of the subrecipient. The City did, however, perform a monitoring visit for the subrecipients. ? For 1 of 4 subrecipients, the City did not utilize the risk assessment tool specific to ARPA. The City utilized the AGA Risk Assessment Monitoring Tool. We noted the following exceptions. ? According to the Introduction of the AGA Risk Assessment Monitoring Tool, while the risk assessment monitoring tool may be useful in supplementing existing tools, it is not intended to replace any risk assessment tools that may already be in use by monitoring agencies. Further, the City omitted the Programmatic Assessment of the AGA Risk Assessment Monitoring Tool. ? According to the Introduction of the AGA Risk Assessment Monitoring Tool, in using the risk assessment tool, monitoring agencies are encouraged to develop applicable risk factors to evaluate programmatic compliance risk and should use professional judgment in developing a weighted scoring system for each component of the assessment. The City did not develop a weighted scoring system for each component of the assessment. ? No evidence of approval of the AGA Risk Assessment Monitoring Tool. ? In the Monitoring/Audit Assessment section of the AGA Risk Assessment Monitoring Tool, the City marked all N/A based on a response of the subrecipient has not needed to complete a single audit in the past. However, the subrecipient did have a single audit for the fiscal year end date of 12/31/2020 with the Federal Audit Clearinghouse receiving the audit report on 5/27/2021. No review of the single audit by the City. Management?s Progress for Repeat Findings: The City Controller reviewed the listing of subrecipient risk assessments for 2022 and the listing was determined to be complete. The City will update the subrecipient monitoring policies and procedures ad provide training to the departments. Cause: The City failed to follow federal subrecipient monitoring and management regulation nor its subrecipient monitoring policies and procedures. Repeat Finding: 2021-003 Effect: The auditor noted instances of noncompliance. Noncompliance results in subrecipients' noncompliance with federal statutes, regulations, and the terms and conditions of the subaward. Recommendation: We recommend the City design controls to ensure compliance with federal subrecipient monitoring and management regulation and its subrecipient monitoring policies and procedures. Management Response: Management agrees with the finding. The City will develop standard City-wide subrecipient management policies and procedures including risk assessment and monitoring tools. Additionally, any federal program with two or more City departments managing subrecipients will use the same subrecipient tools to ensure consistency. Timeline and Responsible Position: June 2023 ? City Controller/DFAS Deputy Director
Criteria or Specific Requirement: In accordance with 2 CFR section 200.332(b), each subrecipient?s risk of noncompliance must be evaluated. Condition: The City has two subrecipients under this grant receiving $674,871 out of expenditures of $1,187,264. The documentation of the risk assessment for one of the subrecipients who received $103,621 could not be found. Cause: Due care as it relates to documentation retention was not in place. Effect: The City does not have evidence that the subrecipient has low risk of noncompliance. Questioned Costs: None. Context: Other elements of subrecipient monitoring, such as the oversight of expenditures of funds via monthly and/or quarterly reporting, were in place. Identification of a repeat finding: Not a repeat finding. Recommendation: We recommend that management establish and maintain effective internal control ensuring proper risk assessment procedures as well as a process of ensuring document retention. Management Response: See Corrective Action Plan.
SIGNIFICANT DEFICIENCY IN INTERNAL CONTROL OVER COMPLIANCE ? U.S. DEPARTMENT OF THE TREASURY, PASSED THROUGH MINNESOTA DEPARTMENT OF EDUCATION, CORONAVIRUS STATE AND LOCAL FISCAL RECOVERY FUNDS ? FEDERAL ALN 21.027 2022-003 Internal Controls Over Compliance With Subrecipient Monitoring Requirements Criteria ? 2 CFR ? 200.332 requires the District as a pass-through entity, to have written subrecipient monitoring policies and procedures that include a written risk assessment of each subrecipient and documentation of the District?s monitoring of the subrecipient. Additionally, as a pass-through entity, the District is required to verify that every subrecipient is audited as required by 2 CFR ? 200 Subpart F when it is expected that the subrecipient?s federal awards expended during the respective fiscal year equaled or exceeded the threshold for a federal single audit. Condition ? During our audit, we noted that the District did not have documented written controls to ensure compliance with the U.S. Office of Management and Budget?s Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) subrecipient monitoring requirements. The District did not maintain documentation of their evaluation of each subrecipient?s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward, nor did the District maintain documentation of the results of the subrecipients? single audit, if any, for purposes of determining the appropriate subrecipient monitoring. Questioned Costs ? Not applicable. Context ? The District passed through $548,292 to seven subrecipients during the fiscal year. Repeat Finding ? This is a current year finding. Cause ? This was an oversight by district personnel. Effect ? This could be viewed as a violation of the award agreement. Recommendation ? We recommend that the District review its internal control procedures relating to subrecipient monitoring for all federal programs. We also recommend the District adopt written policies pertaining to subrecipient monitoring for all federal programs. Finally, we recommend the District identify subrecipients and maintain documentation of written risk assessments of each subrecipient, that includes a consideration of the subrecipient?s single audit results, if any. View of Responsible Official and Planned Corrective Actions ? The District agrees with the finding. The District is in the process of reviewing its internal control procedures and updating its written policies and procedures relating to subrecipient monitoring for its federal programs to ensure compliance with the Uniform Guidance in the future. The District has separately issued a Corrective Action Plan related to this finding.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.