2022?043 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Homeland Security Disaster Grants ? Public Assistance (Presidentially Declared Disasters) 97.036/ COVID-19 97.036 Grant Award FEMA?4219-DR?WV Grant Award FEMA?4220-DR?WV Grant Award FEMA?4273-DR?WV Grant Award FEMA?4331-DR?WV Grant Award FEMA?4359-DR?WV Grant Award FEMA?4378-DR?WV Grant Award FEMA?4455-DR?WV Grant Award FEMA?4517-DR?WV Grant Award FEMA?4603-DR?WV Grant Award FEMA?4605-DR?WVCriteria: 2 CFR 200.303 requires that the West Virginia Division of Emergency Management (DEM) must ?(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the comptroller General of the United States and the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(b) requires that all pass-through entities must: (b) Evaluate each subrecipient?s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient?s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). Condition: We noted that the DEM did not perform a subrecipient risk assessment. Therefore, DEM was unable to provide documentation supporting that the level of monitoring to be completed for each subrecipient was appropriate based on the risk assessment. DEM only monitored two subrecipients during the year due to limited staffing and no risk assessment being performed. Questioned Costs: Unknown Context: Total federal expenditures and total subrecipient expenditures for the Disaster Grants ? Public Assistance (Presidentially Declared Disasters) program were $96,563,597 and $63,845,975, respectively, for the year ended June 30, 2022. Cause: Although DEM has policies and procedures in place surrounding the subrecipient monitoring compliance requirements, due to staffing issues during the fiscal year, subrecipient risk assessments were not completed and an adequate number of subrecipients were not monitored. Effect: DEM does not have proper internal controls in place to ensure policies and procedures surrounding the subrecipient monitoring compliance requirements are in effect. DEM does not have evidence to support appropriate subrecipient monitoring; therefore, management may not be able to identify issues in a timely manner. Recommendation: We recommend that DEM review policies and procedures for sufficiency and commit the appropriate personnel to subrecipient monitoring to ensure they are in compliance with federal requirements. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2022?043 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name Assistance Listing # U.S. Department of Homeland Security Disaster Grants ? Public Assistance (Presidentially Declared Disasters) 97.036/ COVID-19 97.036 Grant Award FEMA?4219-DR?WV Grant Award FEMA?4220-DR?WV Grant Award FEMA?4273-DR?WV Grant Award FEMA?4331-DR?WV Grant Award FEMA?4359-DR?WV Grant Award FEMA?4378-DR?WV Grant Award FEMA?4455-DR?WV Grant Award FEMA?4517-DR?WV Grant Award FEMA?4603-DR?WV Grant Award FEMA?4605-DR?WVCriteria: 2 CFR 200.303 requires that the West Virginia Division of Emergency Management (DEM) must ?(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the comptroller General of the United States and the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR 200.332(b) requires that all pass-through entities must: (b) Evaluate each subrecipient?s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient?s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). Condition: We noted that the DEM did not perform a subrecipient risk assessment. Therefore, DEM was unable to provide documentation supporting that the level of monitoring to be completed for each subrecipient was appropriate based on the risk assessment. DEM only monitored two subrecipients during the year due to limited staffing and no risk assessment being performed. Questioned Costs: Unknown Context: Total federal expenditures and total subrecipient expenditures for the Disaster Grants ? Public Assistance (Presidentially Declared Disasters) program were $96,563,597 and $63,845,975, respectively, for the year ended June 30, 2022. Cause: Although DEM has policies and procedures in place surrounding the subrecipient monitoring compliance requirements, due to staffing issues during the fiscal year, subrecipient risk assessments were not completed and an adequate number of subrecipients were not monitored. Effect: DEM does not have proper internal controls in place to ensure policies and procedures surrounding the subrecipient monitoring compliance requirements are in effect. DEM does not have evidence to support appropriate subrecipient monitoring; therefore, management may not be able to identify issues in a timely manner. Recommendation: We recommend that DEM review policies and procedures for sufficiency and commit the appropriate personnel to subrecipient monitoring to ensure they are in compliance with federal requirements. Views of Responsible Officials: Management concurs with the finding and has developed a plan to correct the finding.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
2022-006 (2019-015) SUBRECIPIENT MONITORING ? Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Disaster Grants ? Public Assistance (Presidentially Declared Disasters) - 97.036 Emergency Management Performance Grants ? 97.042 Fire Management Assistance Grants ? 97.046 Pre-Disaster Mitigation ? 97.047 Homeland Security Grant Program ? 97.067 Award Period: Various Type of Finding: Material Weakness in Internal Control over Compliance Material Noncompliance (Modified Opinion) Questioned Costs: None Condition: During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. ? All o The Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o The Department lacked a process for all federal programs to review the audits of subrecipients that would allow the Department to identify any potential deficiencies that would require follow-up. o The Department lacked a process to ensure timely reporting by subgrantees of financial reporting and performance reporting. Also, the Department lacked a process to ensure timely review of reports submitted by subgrantees. Management?s Progress for Repeated Findings: Management failed to implement adequate controls to resolve the finding from the prior years. Criteria: According to ?200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department?s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department?s approved sub-recipients for monitoring purposes and risk designation. Effect: The auditor noted instances of material noncompliance. Noncompliance results in possible federal funds provided to ineligible subrecipients. Also, the lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause: The program staff continue to not operate under the Sub-Grant Recipient Monitoring effective June 30, 2017. The Department continues to lack established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.
Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) requires that pass-through entities clearly identify to each subrecipient significant Federal subaward information, including identifying award numbers, subaward period dates and budget dates, Federal Assistance Listings number and Title, and appropriate terms and conditions concerning closeout of the subaward. Typically this requirement is satisfied by utilizing a subrecipient contract, reflecting all necessary information, and requiring execution showing acknowledgement of the terms by both parties. 2 CFR section 200.332(b) requires that pass-through entities evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. The evaluation of this risk should include the subrecipient?s prior experience with the same or similar subawards, the results of previous subrecipient audits, whether the subrecipient has new personnel or substantially changed systems, and the extent and results of federal awarding agency monitoring if the subrecipient also receives federal awards directly. 2 CFR section 200.331(f) requires that pass-through entities verify that subrecipients expected to be audited are taking timely and appropriate action on deficiencies detected through audits. Condition: Internal controls should be in place to ensure the City is in compliance with all requirements of the federal award program. For the fiscal year ended June 30, 2022, the following conditions existed: ? A risk assessment, required by 2 CFR section 200.332(b), was not performed on the City?s subrecipient of grant funds. ? The City did not verify whether the subrecipient of the grant funds was required to be audited, as required by 2 CFR section 200.331(f). ? The agreement between the City and its subrecipient did not include a description of the program?s compliance requirements, as required by 2 CFR section 200.331(a), including the specific requirements for the subrecipient?s periodic reporting to the City. Context/Cause: The City did not have adequate internal controls to ensure compliance with subrecipient monitoring requirements. Testing was performed over each requirement for the City, who had a single subrecipient for the fiscal year ended June 30, 2022. Effect: Noncompliance at the subrecipient level may occur due to the subrecipient not being aware of all of the grant?s requirements. Without a risk assessment being performed on the City?s subrecipient for its grant funds, the City will not be aware of problems with staffing or information systems of the subrecipient. Additionally, the City will be unable to effectively monitor the subrecipient if the City is unaware of whether the subrecipient is required to be audited. Recommendation: We recommend the City enhances internal controls to ensure compliance with subrecipient monitoring requirements. Auditee?s Response: We concur with the finding. We will take the necessary steps to ensure that subrecipient agreements include a communication of the federal requirements and that the City performs a risk assessment on subrecipients of federal funding.
Criteria: Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) requires that pass-through entities clearly identify to each subrecipient significant Federal subaward information, including identifying award numbers, subaward period dates and budget dates, Federal Assistance Listings number and Title, and appropriate terms and conditions concerning closeout of the subaward. Typically this requirement is satisfied by utilizing a subrecipient contract, reflecting all necessary information, and requiring execution showing acknowledgement of the terms by both parties. 2 CFR section 200.332(b) requires that pass-through entities evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. The evaluation of this risk should include the subrecipient?s prior experience with the same or similar subawards, the results of previous subrecipient audits, whether the subrecipient has new personnel or substantially changed systems, and the extent and results of federal awarding agency monitoring if the subrecipient also receives federal awards directly. 2 CFR section 200.331(f) requires that pass-through entities verify that subrecipients expected to be audited are taking timely and appropriate action on deficiencies detected through audits. Condition: Internal controls should be in place to ensure the City is in compliance with all requirements of the federal award program. For the fiscal year ended June 30, 2022, the following conditions existed: ? A risk assessment, required by 2 CFR section 200.332(b), was not performed on the City?s subrecipient of grant funds. ? The City did not verify whether the subrecipient of the grant funds was required to be audited, as required by 2 CFR section 200.331(f). ? The agreement between the City and its subrecipient did not include a description of the program?s compliance requirements, as required by 2 CFR section 200.331(a), including the specific requirements for the subrecipient?s periodic reporting to the City. Context/Cause: The City did not have adequate internal controls to ensure compliance with subrecipient monitoring requirements. Testing was performed over each requirement for the City, who had a single subrecipient for the fiscal year ended June 30, 2022. Effect: Noncompliance at the subrecipient level may occur due to the subrecipient not being aware of all of the grant?s requirements. Without a risk assessment being performed on the City?s subrecipient for its grant funds, the City will not be aware of problems with staffing or information systems of the subrecipient. Additionally, the City will be unable to effectively monitor the subrecipient if the City is unaware of whether the subrecipient is required to be audited. Recommendation: We recommend the City enhances internal controls to ensure compliance with subrecipient monitoring requirements. Auditee?s Response: We concur with the finding. We will take the necessary steps to ensure that subrecipient agreements include a communication of the federal requirements and that the City performs a risk assessment on subrecipients of federal funding.
Condition During our audit, we examined a non-statistical sample of six subawards and found that the most recent Single Audit reports for the three subrecipients required to obtain Single Audits were not reviewed by program personnel. Criteria Per 2 CFR Section 200.332(d), a pass-through entity is required to monitor the activities of the subrecipient as necessary to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. Monitoring must include a review of financial performance reports, following up with the subrecipient to ensure timely and appropriate action on all deficiencies, issuing management decision for applicable audit findings, resolving audit findings, and verifying that each subrecipient is audited as required by 2 CFR 200, Subpart F. Effect Failure to review the subrecipients? Single Audit reports may result in failure by the subrecipient to take timely and appropriate action to resolve deficiencies detected through the audit. Cause and View of Responsible Officials The Highway Safety Division did not have the capacity to perform the review of applicable subrecipients? Single Audit reports due to significant personnel changes throughout the year. Program personnel plan to assign the review of the Single Audit Reports to specific personnel so that the necessary procedures are performed in a timely manner going forward. Recommendation All personnel involved in the administration of a program for which federal funds are expended should receive adequate training about federal compliance requirements related to such program. In addition, an individual should be assigned the responsibility to monitor compliance with all related federal requirements for programs involving the expenditure of federal funds. Finally, the Highways Division should make a conscious effort to meet the compliance requirement as the Single Audit Reports become available for review through the Federal Audit Clearinghouse.
Condition During our audit, we examined a non-statistical sample of six subawards and found that the most recent Single Audit reports for the three subrecipients required to obtain Single Audits were not reviewed by program personnel. Criteria Per 2 CFR Section 200.332(d), a pass-through entity is required to monitor the activities of the subrecipient as necessary to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. Monitoring must include a review of financial performance reports, following up with the subrecipient to ensure timely and appropriate action on all deficiencies, issuing management decision for applicable audit findings, resolving audit findings, and verifying that each subrecipient is audited as required by 2 CFR 200, Subpart F. Effect Failure to review the subrecipients? Single Audit reports may result in failure by the subrecipient to take timely and appropriate action to resolve deficiencies detected through the audit. Cause and View of Responsible Officials The Highway Safety Division did not have the capacity to perform the review of applicable subrecipients? Single Audit reports due to significant personnel changes throughout the year. Program personnel plan to assign the review of the Single Audit Reports to specific personnel so that the necessary procedures are performed in a timely manner going forward. Recommendation All personnel involved in the administration of a program for which federal funds are expended should receive adequate training about federal compliance requirements related to such program. In addition, an individual should be assigned the responsibility to monitor compliance with all related federal requirements for programs involving the expenditure of federal funds. Finally, the Highways Division should make a conscious effort to meet the compliance requirement as the Single Audit Reports become available for review through the Federal Audit Clearinghouse.
See Schedule of Findings and Questioned Costs for chart/table. Condition During our audit, we examined a non statistical sample of two subawards and found no evidence that evaluations of the subrecipients? risk of noncompliance and applicable federal award information was communicated to the subrecipients at the time of the subawards. Criteria 2 CFR Section 200.332(a) requires subawards to clearly identify information, such as the FAIN, identification of whether the award is R&D, period of performance, and indirect cost. 2 CFR Section 200.332(b) requires a pass-through entity to evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related the subaward. Effect By not including the required information in the subaward, subrecipients may have trouble complying with federal grant requirements. Furthermore, without evaluating the subrecipient?s risk of noncompliance and determining appropriate subrecipient monitoring procedures necessary, the State may not be providing the appropriate level of monitoring over its subrecipients. Cause and View of Responsible Officials Program personnel improperly determined first-tier subrecipients resulting in applicable federal award information not being communicated in the subawards and not assessing the subrecipients? risk of noncompliance not being performed. Recommendation We recommend that program management ensure that program personnel are familiar with all grant requirements, including compliance with 2 CFR Part 200 which requires the reporting of all necessary federal award information to subrecipients and risk assessments of subrecipients. Management should develop procedures that ensure the State?s responsibilities as a pass-through entity are fulfilled, including providing subrecipients all applicable federal award information and performing a formal analysis of each subrecipient?s risk of noncompliance with each of the respective subaward requirements. The risk evaluation may include consideration of the following factors: The subrecipient?s prior experience with the same or similar subawards; The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; Whether the subrecipient has new personnel or new or substantially changed systems; and The extent and results of federal awarding agency monitoring.
See Schedule of Findings and Questioned Costs for chart/table. Condition During our audit, we examined a non statistical sample of six subawards and found no evidence of evaluation of any of the subrecipients? risk of noncompliance at the time of the subaward. Furthermore, the most recent Single Audit report for one of the subrecipients selected for testing was not reviewed by program personnel for any potential findings. Criteria Per 2 CFR Section 200.332(b), a pass-through entity is required to evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring procedures related to the subaward. Per 2 CFR Section 200.332(d), a pass-through entity is required to monitor the activities of the subrecipient as necessary to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward. Monitoring must include a review of financial performance reports, following up with the subrecipient to ensure timely and appropriate action on all deficiencies, issuing management decision for applicable audit findings, resolving audit findings, and verifying that each subrecipient is audited as required by 2 CFR 200, Subpart F. Effect Without evaluating the subrecipient?s risk of noncompliance and determining the appropriate subrecipient monitoring procedures necessary, the State may not be providing the appropriate level of monitoring over its subrecipients. Cause and View of Responsible Officials Due to changes in personnel responsibilities, there was miscommunication between the parties responsible for evaluating the risk of noncompliance. Furthermore, the Single Audit report for one of the subrecipients was not reviewed due to oversight as the program personnel was unaware that the subrecipient is separately audited. Recommendation We recommend that program management ensure that program personnel are familiar with all grant requirements, including compliance with 2 CFR Part 200 which requires the reporting of all necessary federal award information to subrecipients and risk assessments of subrecipients. Management should develop procedures that ensure the State department?s responsibilities as a pass-through entity are fulfilled, including a formal analysis of each subrecipient?s risk of noncompliance with each of the respective subaward requirements. This evaluation of risk may include consideration of such factors as the following: The subrecipient?s prior experience with the same or similar subawards; The results of previous audits including whether or not the subrecipient receives a single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward was audited as a major program; Whether the subrecipient has new personnel or new or substantially changed systems; and The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency).
2022-032 Oregon Housing and Community Services Ensure subrecipient risk assessments and fiscal monitoring are performed and required grant information is communicated timely to subrecipients Federal Awarding Agency: U.S. Department of Health and Human Services Assistance Listing Number and Name: 93.568 Low-Income Home Energy Assistance Program, 93.568 Low-Income Home Energy Assistance Program (COVID-19) Federal Award Numbers and Years: 2001ORE5C3, 2020 (COVID-19); 2102ORLIEA, 2021; 2102ORE5C6 , 2021 (COVID-19); 2202ORLIEA, 2022 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness; Material Noncompliance Prior Year Finding: N/A Questioned Costs: N/A Criteria: 2 CFR ? 200.332(a) ? (h) Federal regulations require that pass-through entities evaluate each subrecipient?s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward to determine the extent and scope of subrecipient monitoring activities. Monitoring activities should be based on the results of a given subrecipient?s determined risk. Pass-through entities must also communicate certain award information to subrecipients as the time of the subaward. The department, as the pass-through entity, has long-established subrecipient monitoring procedures broken into two categories: program and fiscal monitoring. Program monitoring is performed by program-specific staff and focuses on requirements related to certain aspects of Activities Allowed and Client Eligibility. During FY2022, the department performed program monitoring activities as planned. Fiscal monitoring reviews compliance requirements related to Allowable Costs, Activities Allowed, and Earmarking. However, fiscal monitoring activities were limited due to staff turnover. As a result, limited fiscal monitoring procedures were performed for 5 of 17 subrecipients, and fiscal monitoring risk assessments were not performed for any of the 17 subrecipients. Without the performance of subrecipient risk assessments and adequate fiscal monitoring, the department risks distributing program funds to subrecipients out of compliance with federal program requirements. Additionally, we reviewed 5 randomly selected subrecipients to determine whether all required grant award information was communicated at the time of the subaward. For all of the 5 subrecipients reviewed, only some of the required information was communicated at the time of the award. The required information missing in the original grant agreements was communicated via agreement amendments several months later. Without timely communication of required grant information, subrecipients may not have all the information they need for the subaward they received. We recommend department management ensure subrecipient risk assessments are performed for all subrecipients and ensure required fiscal monitoring activities are performed based on the results of the risk assessments. We also recommend department management ensure all required award information is communicated to subrecipients at the time of the subawards.
2022-032 Oregon Housing and Community Services Ensure subrecipient risk assessments and fiscal monitoring are performed and required grant information is communicated timely to subrecipients Federal Awarding Agency: U.S. Department of Health and Human Services Assistance Listing Number and Name: 93.568 Low-Income Home Energy Assistance Program, 93.568 Low-Income Home Energy Assistance Program (COVID-19) Federal Award Numbers and Years: 2001ORE5C3, 2020 (COVID-19); 2102ORLIEA, 2021; 2102ORE5C6 , 2021 (COVID-19); 2202ORLIEA, 2022 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness; Material Noncompliance Prior Year Finding: N/A Questioned Costs: N/A Criteria: 2 CFR ? 200.332(a) ? (h) Federal regulations require that pass-through entities evaluate each subrecipient?s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward to determine the extent and scope of subrecipient monitoring activities. Monitoring activities should be based on the results of a given subrecipient?s determined risk. Pass-through entities must also communicate certain award information to subrecipients as the time of the subaward. The department, as the pass-through entity, has long-established subrecipient monitoring procedures broken into two categories: program and fiscal monitoring. Program monitoring is performed by program-specific staff and focuses on requirements related to certain aspects of Activities Allowed and Client Eligibility. During FY2022, the department performed program monitoring activities as planned. Fiscal monitoring reviews compliance requirements related to Allowable Costs, Activities Allowed, and Earmarking. However, fiscal monitoring activities were limited due to staff turnover. As a result, limited fiscal monitoring procedures were performed for 5 of 17 subrecipients, and fiscal monitoring risk assessments were not performed for any of the 17 subrecipients. Without the performance of subrecipient risk assessments and adequate fiscal monitoring, the department risks distributing program funds to subrecipients out of compliance with federal program requirements. Additionally, we reviewed 5 randomly selected subrecipients to determine whether all required grant award information was communicated at the time of the subaward. For all of the 5 subrecipients reviewed, only some of the required information was communicated at the time of the award. The required information missing in the original grant agreements was communicated via agreement amendments several months later. Without timely communication of required grant information, subrecipients may not have all the information they need for the subaward they received. We recommend department management ensure subrecipient risk assessments are performed for all subrecipients and ensure required fiscal monitoring activities are performed based on the results of the risk assessments. We also recommend department management ensure all required award information is communicated to subrecipients at the time of the subawards.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
2022 ? 007 (Previously 2021-003) Subrecipient Monitoring (Significant Deficiency and Noncompliance) Federal Agency: U.S. Department of Treasury Federal Program Name: Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Federal Award Identification Number and Year: Pub. L. No. 117-2-2021 Award Period: 5/10/2021 - 12/31/2026 Type of Finding: ? Significant Deficiency in Internal Control over Compliance, Other Matters Criteria or specific requirement: According to ? 200.303 Internal controls of 2 CFR Part 200, the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. According to ? 200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must: ? Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. ? Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. ? Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501. ? Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. According to the City's subrecipient monitoring policies and procedures, monitoring of subrecipients shall be conducted as often as may be required at the discretion of the Community Development Division or at least once per program year. An annual Risk Assessment will be completed to determine a ranking for the activity. The Risk Assessment ranking score will determine whether a monitoring review will occur. Condition: During our testing, it was noted that the City did not follow federal subrecipient monitoring and management regulation nor its subrecipient monitoring policies and procedures. Questioned costs: None 2022 ? 007 (Previously 2021-003) Subrecipient Monitoring (Significant Deficiency and Noncompliance) (Continued) Context: During our testing, we noted the following exceptions: ? For 2 of 4 subrecipients, the City did not utilize the risk assessment tool specific to ARPA which does have a different risk assessment ranking score determining the monitoring of the subrecipient. The City did, however, perform a monitoring visit for the subrecipients. ? For 1 of 4 subrecipients, the City did not utilize the risk assessment tool specific to ARPA. The City utilized the AGA Risk Assessment Monitoring Tool. We noted the following exceptions. ? According to the Introduction of the AGA Risk Assessment Monitoring Tool, while the risk assessment monitoring tool may be useful in supplementing existing tools, it is not intended to replace any risk assessment tools that may already be in use by monitoring agencies. Further, the City omitted the Programmatic Assessment of the AGA Risk Assessment Monitoring Tool. ? According to the Introduction of the AGA Risk Assessment Monitoring Tool, in using the risk assessment tool, monitoring agencies are encouraged to develop applicable risk factors to evaluate programmatic compliance risk and should use professional judgment in developing a weighted scoring system for each component of the assessment. The City did not develop a weighted scoring system for each component of the assessment. ? No evidence of approval of the AGA Risk Assessment Monitoring Tool. ? In the Monitoring/Audit Assessment section of the AGA Risk Assessment Monitoring Tool, the City marked all N/A based on a response of the subrecipient has not needed to complete a single audit in the past. However, the subrecipient did have a single audit for the fiscal year end date of 12/31/2020 with the Federal Audit Clearinghouse receiving the audit report on 5/27/2021. No review of the single audit by the City. Management?s Progress for Repeat Findings: The City Controller reviewed the listing of subrecipient risk assessments for 2022 and the listing was determined to be complete. The City will update the subrecipient monitoring policies and procedures ad provide training to the departments. Cause: The City failed to follow federal subrecipient monitoring and management regulation nor its subrecipient monitoring policies and procedures. Repeat Finding: 2021-003 Effect: The auditor noted instances of noncompliance. Noncompliance results in subrecipients' noncompliance with federal statutes, regulations, and the terms and conditions of the subaward. Recommendation: We recommend the City design controls to ensure compliance with federal subrecipient monitoring and management regulation and its subrecipient monitoring policies and procedures. Management Response: Management agrees with the finding. The City will develop standard City-wide subrecipient management policies and procedures including risk assessment and monitoring tools. Additionally, any federal program with two or more City departments managing subrecipients will use the same subrecipient tools to ensure consistency. Timeline and Responsible Position: June 2023 ? City Controller/DFAS Deputy Director
Criteria or Specific Requirement: In accordance with 2 CFR section 200.332(b), each subrecipient?s risk of noncompliance must be evaluated. Condition: The City has two subrecipients under this grant receiving $674,871 out of expenditures of $1,187,264. The documentation of the risk assessment for one of the subrecipients who received $103,621 could not be found. Cause: Due care as it relates to documentation retention was not in place. Effect: The City does not have evidence that the subrecipient has low risk of noncompliance. Questioned Costs: None. Context: Other elements of subrecipient monitoring, such as the oversight of expenditures of funds via monthly and/or quarterly reporting, were in place. Identification of a repeat finding: Not a repeat finding. Recommendation: We recommend that management establish and maintain effective internal control ensuring proper risk assessment procedures as well as a process of ensuring document retention. Management Response: See Corrective Action Plan.
SIGNIFICANT DEFICIENCY IN INTERNAL CONTROL OVER COMPLIANCE ? U.S. DEPARTMENT OF THE TREASURY, PASSED THROUGH MINNESOTA DEPARTMENT OF EDUCATION, CORONAVIRUS STATE AND LOCAL FISCAL RECOVERY FUNDS ? FEDERAL ALN 21.027 2022-003 Internal Controls Over Compliance With Subrecipient Monitoring Requirements Criteria ? 2 CFR ? 200.332 requires the District as a pass-through entity, to have written subrecipient monitoring policies and procedures that include a written risk assessment of each subrecipient and documentation of the District?s monitoring of the subrecipient. Additionally, as a pass-through entity, the District is required to verify that every subrecipient is audited as required by 2 CFR ? 200 Subpart F when it is expected that the subrecipient?s federal awards expended during the respective fiscal year equaled or exceeded the threshold for a federal single audit. Condition ? During our audit, we noted that the District did not have documented written controls to ensure compliance with the U.S. Office of Management and Budget?s Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) subrecipient monitoring requirements. The District did not maintain documentation of their evaluation of each subrecipient?s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward, nor did the District maintain documentation of the results of the subrecipients? single audit, if any, for purposes of determining the appropriate subrecipient monitoring. Questioned Costs ? Not applicable. Context ? The District passed through $548,292 to seven subrecipients during the fiscal year. Repeat Finding ? This is a current year finding. Cause ? This was an oversight by district personnel. Effect ? This could be viewed as a violation of the award agreement. Recommendation ? We recommend that the District review its internal control procedures relating to subrecipient monitoring for all federal programs. We also recommend the District adopt written policies pertaining to subrecipient monitoring for all federal programs. Finally, we recommend the District identify subrecipients and maintain documentation of written risk assessments of each subrecipient, that includes a consideration of the subrecipient?s single audit results, if any. View of Responsible Official and Planned Corrective Actions ? The District agrees with the finding. The District is in the process of reviewing its internal control procedures and updating its written policies and procedures relating to subrecipient monitoring for its federal programs to ensure compliance with the Uniform Guidance in the future. The District has separately issued a Corrective Action Plan related to this finding.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.