Finding Reference Number: 2022-018 NH Department of Health and Human Services Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) and COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (Assistance Listing #93.323) Federal Award Numbers: NUK50CK000522 Federal Award Year: 2019 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2021-021 Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Identify the Award and Applicable Requirements ? Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(1); (2) all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.332(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). 2. Evaluate Risk ? Evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 3. Monitor ? Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. 4. Ensure Accountability of For-Profit Subrecipients ? Some federal awards may be passed through to for-profit entities. For-profit subrecipients are accountable to the PTE for the use of the federal funds provided. Because 2 CFR Part 200 does not make Subpart F applicable to for-profit subrecipients, the PTE is responsible for establishing requirements, as necessary, to ensure compliance by for-profit subrecipients for the subaward. The agreement with the for-profit subrecipient must describe applicable compliance requirements and the for-profit subrecipient's compliance responsibility. Methods to ensure compliance for federal awards made to for-profit subrecipients may include pre-award audits, monitoring during the agreement, and post-award audits (2 CFR section 200.501(h)). Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2022, the New Hampshire Department of Health and Human Services (the Department) passed through $5,070,789 of federal funding to 56 subrecipients, both for-profit and non-profit. As part of our testing related subrecipient monitoring, we noted the following: A. The Department communicates award information to subrecipients through the approved agreement. Per review of the agreement, for 14 of 14 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332(a). Specifically, one or all of the following elements were not communicated: - Subrecipient unique entity identifier; - Federal award date; - Name of the federal awarding agency, pass-through entity, and contact information for the awarding official of the pass-through entity; - Identification of whether the award is R&D; and - Indirect cost rate for the federal award B. The Department was unable to provide documentation to support it had evaluated subrecipient risk of noncompliance for all subrecipients for purposes of determining the appropriate subrecipient monitoring related to subawards. C. The Department did not perform any during the award monitoring over the programs subrecipients. D. The Department passed through federal funding to for-profit subrecipients. These subrecipients are not subject to 2 CFR 200 Subpart F and as such, no review over the uniform guidance audit report is performed by the Department. The Department was unable to provide documentation to support it had performed procedures to ensure compliance with the subrecipient agreement in accordance with 2 CFR section 200.501(h). Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(a - h) and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(a-h) and 2 CFR section 200.501(h). View of Responsible Officials The Department will review its Sub-recipient Monitoring Policy and assess compliance across the Department. It is important to note that between April 2020 and June 2022 the Department was involved in the State?s strategic response to the COVID-19 pandemic. During this time, New Hampshire was under a state of emergency (Executive Order 2020-04), processes were rapidly converted to fully digital overnight, the State?s standard approval processes were suspended and non-standard templates were utilized to respond to the COVID-19 pandemic. The Department worked with other State Departments and the National Guard to create a record number of amendments, contracts, and other agreements (approximately 200% more than standard). The Department is in the process of instituting a new contract life cycle management solution that will utilize conditional logic to include the required notifications for agreements involving federal funds in order to ensure compliance. Implementation is anticipated to be complete in July 2023. As the COVID-19 pandemic strategic response has wound down, the Department has not suspended its regular standard approval or subrecipient risk assessment and monitoring processes and has not used non-standard templates to award federal funding. The Financial Compliance Unit (FCU) will continue to work with the Business System Analyst of the Cost Allocation Unit in determining the amount of Federal payments made to the vendors. The FCU receives a vendor payment list on a quarterly basis that includes the total amount of Federal funds that were paid to all contracted agencies. We will continue to closely monitor the FAC to obtain all copies of the Single Audits pertaining to the DHHS agencies. In addition, we will devise a spreadsheet that will list all contracts that have been awarded Federal funds and cross check these agencies to vendor payment list. The DHHS updated the policy on risk assessment on November 16, 2020 to ensure that all contracts have a risk assessment performed regardless of funding source. We also have added verbiage in the contracts effective for contracts that begin after November 2021. It states any Contractor that receives an amount equal to or greater than $250,000 from the Department during a single fiscal year, regardless of the funding source, may be required, at a minimum, to submit annual financial audits performed by an independent CPA if the Department?s risk assessment determination indicates the Contractor is high-risk. Finally, effective for any new procurement subsequent to March 2022, all back-up documentation must accompany the invoices and be submitted on a monthly basis. Anticipated Completion Date: July 2023 Contact Person: Melissa Kelleher, Grants Administrator, Ann Driscoll, Financial Compliance Unit
Finding Reference Number: 2022-018 NH Department of Health and Human Services Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) and COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (Assistance Listing #93.323) Federal Award Numbers: NUK50CK000522 Federal Award Year: 2019 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2021-021 Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Identify the Award and Applicable Requirements ? Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(1); (2) all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.332(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). 2. Evaluate Risk ? Evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 3. Monitor ? Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. 4. Ensure Accountability of For-Profit Subrecipients ? Some federal awards may be passed through to for-profit entities. For-profit subrecipients are accountable to the PTE for the use of the federal funds provided. Because 2 CFR Part 200 does not make Subpart F applicable to for-profit subrecipients, the PTE is responsible for establishing requirements, as necessary, to ensure compliance by for-profit subrecipients for the subaward. The agreement with the for-profit subrecipient must describe applicable compliance requirements and the for-profit subrecipient's compliance responsibility. Methods to ensure compliance for federal awards made to for-profit subrecipients may include pre-award audits, monitoring during the agreement, and post-award audits (2 CFR section 200.501(h)). Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2022, the New Hampshire Department of Health and Human Services (the Department) passed through $5,070,789 of federal funding to 56 subrecipients, both for-profit and non-profit. As part of our testing related subrecipient monitoring, we noted the following: A. The Department communicates award information to subrecipients through the approved agreement. Per review of the agreement, for 14 of 14 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332(a). Specifically, one or all of the following elements were not communicated: - Subrecipient unique entity identifier; - Federal award date; - Name of the federal awarding agency, pass-through entity, and contact information for the awarding official of the pass-through entity; - Identification of whether the award is R&D; and - Indirect cost rate for the federal award B. The Department was unable to provide documentation to support it had evaluated subrecipient risk of noncompliance for all subrecipients for purposes of determining the appropriate subrecipient monitoring related to subawards. C. The Department did not perform any during the award monitoring over the programs subrecipients. D. The Department passed through federal funding to for-profit subrecipients. These subrecipients are not subject to 2 CFR 200 Subpart F and as such, no review over the uniform guidance audit report is performed by the Department. The Department was unable to provide documentation to support it had performed procedures to ensure compliance with the subrecipient agreement in accordance with 2 CFR section 200.501(h). Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(a - h) and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(a-h) and 2 CFR section 200.501(h). View of Responsible Officials The Department will review its Sub-recipient Monitoring Policy and assess compliance across the Department. It is important to note that between April 2020 and June 2022 the Department was involved in the State?s strategic response to the COVID-19 pandemic. During this time, New Hampshire was under a state of emergency (Executive Order 2020-04), processes were rapidly converted to fully digital overnight, the State?s standard approval processes were suspended and non-standard templates were utilized to respond to the COVID-19 pandemic. The Department worked with other State Departments and the National Guard to create a record number of amendments, contracts, and other agreements (approximately 200% more than standard). The Department is in the process of instituting a new contract life cycle management solution that will utilize conditional logic to include the required notifications for agreements involving federal funds in order to ensure compliance. Implementation is anticipated to be complete in July 2023. As the COVID-19 pandemic strategic response has wound down, the Department has not suspended its regular standard approval or subrecipient risk assessment and monitoring processes and has not used non-standard templates to award federal funding. The Financial Compliance Unit (FCU) will continue to work with the Business System Analyst of the Cost Allocation Unit in determining the amount of Federal payments made to the vendors. The FCU receives a vendor payment list on a quarterly basis that includes the total amount of Federal funds that were paid to all contracted agencies. We will continue to closely monitor the FAC to obtain all copies of the Single Audits pertaining to the DHHS agencies. In addition, we will devise a spreadsheet that will list all contracts that have been awarded Federal funds and cross check these agencies to vendor payment list. The DHHS updated the policy on risk assessment on November 16, 2020 to ensure that all contracts have a risk assessment performed regardless of funding source. We also have added verbiage in the contracts effective for contracts that begin after November 2021. It states any Contractor that receives an amount equal to or greater than $250,000 from the Department during a single fiscal year, regardless of the funding source, may be required, at a minimum, to submit annual financial audits performed by an independent CPA if the Department?s risk assessment determination indicates the Contractor is high-risk. Finally, effective for any new procurement subsequent to March 2022, all back-up documentation must accompany the invoices and be submitted on a monthly basis. Anticipated Completion Date: July 2023 Contact Person: Melissa Kelleher, Grants Administrator, Ann Driscoll, Financial Compliance Unit
Finding Reference Number: 2022-021 NH Department of Health and Human Services Temporary Assistance for Needy Families and COVID-19 Temporary Assistance for Needy Families (Assistance Listing #93.558) Federal Award Numbers: 2021G996115, 2021G990228, 2022G996115 Federal Award Year: 2021, 2022 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: NA Statistically Valid Sample: No Criteria5 A pass-through entity must: 1. Clearly identify to the subrecipient required award information and applicable requirements described in 2 CFR section 200.332(a); 2. Evaluate each subrecipient?s risk of noncompliance for the purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 300.332(b)); 3. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required through the terms and conditions of the award, subaward monitoring must include following up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means; and 4. Issuing a management decision for audit findings pertaining to federal award provided to the subrecipient from the subrecipient as required by 2 CFR section 200.521. Additionally, per 2 CFR section 200.303, non-federal entities must establish and maintain effective internal control over federal awards that provide reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Condition As part of the Temporary Assistance for Needy Families program (TANF), the New Hampshire Department of Health and Human Services (the Department) enters into grant agreements with local entities to provide services to support eligible participants. During the year ended June 30, 2022, the Department passed through $3,307,974 to subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following: A. For 1 of 7 subrecipients selected for testwork, per review of the grant agreement, we noted that the agreement did not contain any funding to be paid under the TANF program and should not have been identified as a TANF subrecipient. The total amount paid to the entity was $13,530. B. The Department communicates award information to subrecipients through the approved grant agreement. Per review of the grant agreement, for 4 of the remaining 6 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332. Specifically, the following elements were not communicated: a. The subrecipient?s unique identifier was not communicated for 1 of the remaining 6 subrecipients selected for testwork b. Indirect cost rate for federal awards (including if the deminimus rate is charged per 2 CFR section 200.414) was not communicated for 2 of the remaining 6 subrecipients selected for testwork c. Identification of whether the award is R&D was not communicated for 4 of the remaining 6 subrecipients selected for testwork. C. The Department did not perform a risk assessment for all subrecipients selected for testwork. As a result, it is unclear if any additional targeted subrecipient monitoring should have been performed. D. For 1 of the remaining 6 subrecipients selected for testwork, there was no evidence that a programmatic monitoring review was completed for the subrecipient as required by their subrecipient monitoring policy. As there was no risk assessment performed for the subrecipient, it was unclear as to whether a programmatic monitoring visit should have been performed. Cause The cause of the condition found is primarily due to insufficient internal controls and procedures to ensure that federal reimbursement of expenditures are only disbursed to entities that have an approved subrecipient grant agreement. In addition, there are insufficient internal controls and procedures to ensure that award identification information is properly communicated with grant agreements and that risk assessments are performed to ensure sufficient during the awarded monitoring is performed over all subrecipients. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(a), section 200.332(b), CFR section 200.521 and 2 CFR sections 200.332(d) through (f). Questioned Costs $13,530 ? the amount in bullet A above. Recommendation We recommend that the Department review its existing internal controls, policies, and procedures to ensure that the Department complies with the provisions of 2 CFR section 200.332(a), 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.251. This would include ensuring that: 1. The Department has an approved subrecipient grant agreement prior to making any disbursements to an entity; 2. All required award information is communicated to subrecipients; 3. A documented risk assessment is performed over all subrecipients, and the results of that risk assessment is used to evaluate the types of monitoring procedures that will be performed over the subrecipient; and 4. As a result of the risk assessment performed, monitoring activities are performed over subrecipients to ensure compliance with the terms and conditions of its subrecipient grant agreement. View of Responsible Officials A. We concur with this finding. The Department utilized an internally available copy of the Management Log, which lists vendor?s determinations. This is a copy of the log, not the original, official copy. There is a delay in updating this copy from the original, and incorrect information had been initially entered. The Department is moving this log to software which allows all Department employees to view the same log, while limiting the number of individuals who have access to make changes. Implementation has been completed as of March 2023. B. We concur with this finding. However, we believe this was an isolated incident as the TANF CFDA number (93.558) used was very similar to correct CFDA number (93.778) that should have been documented. C. 200.332 requirements a. We do not concur with this finding. The contract for Mt Prospect became effective 8/4/21, prior to the 4/22 inception of the UEI. The DUNS number, as in effect at that time, is noticed in Exhibit J of the contract. b. We concur with three of the four findings. Two of the four contracts pre-date the template update requiring the notice an indirect cost rate. Indirect cost rate for federal awards (including if the de minimis rate is charged per 2 CFR section 200.414) were added to Exhibit C of the Department?s contracts in April 2020. One of the contracts did not indicate an indirect cost rate as required. One of the contracts notes the indirect cost rate in the Notes of their financial details. c. One of the two contracts pre-dates the template update requiring the notice the identification of R&D. R&D identifications for federal awards were added to Exhibit C of the Department?s contracts in April 2020 One of the two contracts did not identify whether the contract was R&D as required. D. Subrecipient Risk Assessment ? We concur with the finding. We consider the finding to be fully resolved through Department policy Department policy and Department wide implementation. However, it should be noted full compliance will not be achieved for one to two contact cycles due to timing. The Department began addressing the issue of Subrecipient Monitoring issue in June 2017 when the first Grants Administrator was hired. The Department finalized the Subrecipient Monitoring Policy, which encompasses the financial and programmatic risk assessments as well as the subrecipient monitoring, on June 1, 2018. The Department provided user training on the subject in February and September 2018, training over one hundred forty-six staff. However, only brand new procurements utilized this policy during the initial roll out of this policy. The Department hired a new Grants Administrator in May 2019. The full Subrecipient Monitoring policy rolled out to all procurements, including sole source, amendments, and renewals, effective August 1, 2020. The Contracts Unit received specialized subrecipient monitoring training on May 13 and October 28, 2020. Department wide training to all staff occurred weekly between September 8 and November 3, 2020. The Grants Office provided additional targeted training to Program staff through team meetings. Over one hundred fifty Program and Finance staff received training. Annual training will be held in September each year. Refresher training or training for new staff is available upon request from the Grants Office. The Grants Office website offers Program, Finance, and Contracts Bureau staff access to the subrecipient monitoring policy, as well as training modules, slides, and tools. The training has also been recorded and is available on this site. The Subrecipient Monitoring Policy requires Program to determine whether any vendor which receives funds in exchange for goods or services is a Contractor or Subrecipient. Determined subrecipients receive a Management Questionnaire, which includes a ten question questionnaire and requirements for submitting financial data. This information is used to populate the Risk Assessment Tool, which shows any risks pertinent to a subrecipient and the subaward. Based on the risks shown, Program chooses monitoring activities to mitigate the risks and the Contracts Bureau memorializes these choices in the contract. The Grants Office continues to work closely with the Contracts Bureau to ensure compliance with the Subrecipient Monitoring policy. C. and D. It is also important to note that between April 2020 and June 2022 the Department was involved in the State?s strategic response to the COVID-19 pandemic. During this time, New Hampshire was under a state of emergency (Executive Order 2020-04), processes were rapidly converted to fully digital overnight, the State?s standard approval processes were suspended and non-standard templates, which did not include the required notifications under 200.332, were utilized to respond to the COVID-19 pandemic. The Department worked with other State Departments and the National Guard to create a record number of amendments, contracts, and other agreements (approximately 200% more than standard). The Department is in the process of instituting a new contract life cycle management solution that will utilize conditional logic to include the required notifications for agreements involving federal funds in order to ensure compliance. Implementation is anticipated to be complete in July 2023. As the COVID-19 pandemic strategic response has wound down, the Department has not suspended its regular standard approval or subrecipient risk assessment and monitoring processes and has not used non-standard templates to award federal funding. E. We concur there was no formal documentation of any monitoring activity. Due to staff turnover a new administrator has been hired and unable to furnish the monitoring that took place during FY22. However, a program site review during FY23 was performed and financial monitoring of invoices has also taken place. Anticipated Completion Date: July, 2023 Contact Person: Melissa Kelleher, Administrator Rejoinder As documented above in Bullet B of the condition found, the Department did not properly communicate all required award information to the subrecipient. Once aware of the noncompliance, the Department should have timely communicated this information to its subrecipients.
Finding Reference Number: 2022-021 NH Department of Health and Human Services Temporary Assistance for Needy Families and COVID-19 Temporary Assistance for Needy Families (Assistance Listing #93.558) Federal Award Numbers: 2021G996115, 2021G990228, 2022G996115 Federal Award Year: 2021, 2022 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: NA Statistically Valid Sample: No Criteria5 A pass-through entity must: 1. Clearly identify to the subrecipient required award information and applicable requirements described in 2 CFR section 200.332(a); 2. Evaluate each subrecipient?s risk of noncompliance for the purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 300.332(b)); 3. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required through the terms and conditions of the award, subaward monitoring must include following up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means; and 4. Issuing a management decision for audit findings pertaining to federal award provided to the subrecipient from the subrecipient as required by 2 CFR section 200.521. Additionally, per 2 CFR section 200.303, non-federal entities must establish and maintain effective internal control over federal awards that provide reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Condition As part of the Temporary Assistance for Needy Families program (TANF), the New Hampshire Department of Health and Human Services (the Department) enters into grant agreements with local entities to provide services to support eligible participants. During the year ended June 30, 2022, the Department passed through $3,307,974 to subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following: A. For 1 of 7 subrecipients selected for testwork, per review of the grant agreement, we noted that the agreement did not contain any funding to be paid under the TANF program and should not have been identified as a TANF subrecipient. The total amount paid to the entity was $13,530. B. The Department communicates award information to subrecipients through the approved grant agreement. Per review of the grant agreement, for 4 of the remaining 6 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332. Specifically, the following elements were not communicated: a. The subrecipient?s unique identifier was not communicated for 1 of the remaining 6 subrecipients selected for testwork b. Indirect cost rate for federal awards (including if the deminimus rate is charged per 2 CFR section 200.414) was not communicated for 2 of the remaining 6 subrecipients selected for testwork c. Identification of whether the award is R&D was not communicated for 4 of the remaining 6 subrecipients selected for testwork. C. The Department did not perform a risk assessment for all subrecipients selected for testwork. As a result, it is unclear if any additional targeted subrecipient monitoring should have been performed. D. For 1 of the remaining 6 subrecipients selected for testwork, there was no evidence that a programmatic monitoring review was completed for the subrecipient as required by their subrecipient monitoring policy. As there was no risk assessment performed for the subrecipient, it was unclear as to whether a programmatic monitoring visit should have been performed. Cause The cause of the condition found is primarily due to insufficient internal controls and procedures to ensure that federal reimbursement of expenditures are only disbursed to entities that have an approved subrecipient grant agreement. In addition, there are insufficient internal controls and procedures to ensure that award identification information is properly communicated with grant agreements and that risk assessments are performed to ensure sufficient during the awarded monitoring is performed over all subrecipients. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(a), section 200.332(b), CFR section 200.521 and 2 CFR sections 200.332(d) through (f). Questioned Costs $13,530 ? the amount in bullet A above. Recommendation We recommend that the Department review its existing internal controls, policies, and procedures to ensure that the Department complies with the provisions of 2 CFR section 200.332(a), 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.251. This would include ensuring that: 1. The Department has an approved subrecipient grant agreement prior to making any disbursements to an entity; 2. All required award information is communicated to subrecipients; 3. A documented risk assessment is performed over all subrecipients, and the results of that risk assessment is used to evaluate the types of monitoring procedures that will be performed over the subrecipient; and 4. As a result of the risk assessment performed, monitoring activities are performed over subrecipients to ensure compliance with the terms and conditions of its subrecipient grant agreement. View of Responsible Officials A. We concur with this finding. The Department utilized an internally available copy of the Management Log, which lists vendor?s determinations. This is a copy of the log, not the original, official copy. There is a delay in updating this copy from the original, and incorrect information had been initially entered. The Department is moving this log to software which allows all Department employees to view the same log, while limiting the number of individuals who have access to make changes. Implementation has been completed as of March 2023. B. We concur with this finding. However, we believe this was an isolated incident as the TANF CFDA number (93.558) used was very similar to correct CFDA number (93.778) that should have been documented. C. 200.332 requirements a. We do not concur with this finding. The contract for Mt Prospect became effective 8/4/21, prior to the 4/22 inception of the UEI. The DUNS number, as in effect at that time, is noticed in Exhibit J of the contract. b. We concur with three of the four findings. Two of the four contracts pre-date the template update requiring the notice an indirect cost rate. Indirect cost rate for federal awards (including if the de minimis rate is charged per 2 CFR section 200.414) were added to Exhibit C of the Department?s contracts in April 2020. One of the contracts did not indicate an indirect cost rate as required. One of the contracts notes the indirect cost rate in the Notes of their financial details. c. One of the two contracts pre-dates the template update requiring the notice the identification of R&D. R&D identifications for federal awards were added to Exhibit C of the Department?s contracts in April 2020 One of the two contracts did not identify whether the contract was R&D as required. D. Subrecipient Risk Assessment ? We concur with the finding. We consider the finding to be fully resolved through Department policy Department policy and Department wide implementation. However, it should be noted full compliance will not be achieved for one to two contact cycles due to timing. The Department began addressing the issue of Subrecipient Monitoring issue in June 2017 when the first Grants Administrator was hired. The Department finalized the Subrecipient Monitoring Policy, which encompasses the financial and programmatic risk assessments as well as the subrecipient monitoring, on June 1, 2018. The Department provided user training on the subject in February and September 2018, training over one hundred forty-six staff. However, only brand new procurements utilized this policy during the initial roll out of this policy. The Department hired a new Grants Administrator in May 2019. The full Subrecipient Monitoring policy rolled out to all procurements, including sole source, amendments, and renewals, effective August 1, 2020. The Contracts Unit received specialized subrecipient monitoring training on May 13 and October 28, 2020. Department wide training to all staff occurred weekly between September 8 and November 3, 2020. The Grants Office provided additional targeted training to Program staff through team meetings. Over one hundred fifty Program and Finance staff received training. Annual training will be held in September each year. Refresher training or training for new staff is available upon request from the Grants Office. The Grants Office website offers Program, Finance, and Contracts Bureau staff access to the subrecipient monitoring policy, as well as training modules, slides, and tools. The training has also been recorded and is available on this site. The Subrecipient Monitoring Policy requires Program to determine whether any vendor which receives funds in exchange for goods or services is a Contractor or Subrecipient. Determined subrecipients receive a Management Questionnaire, which includes a ten question questionnaire and requirements for submitting financial data. This information is used to populate the Risk Assessment Tool, which shows any risks pertinent to a subrecipient and the subaward. Based on the risks shown, Program chooses monitoring activities to mitigate the risks and the Contracts Bureau memorializes these choices in the contract. The Grants Office continues to work closely with the Contracts Bureau to ensure compliance with the Subrecipient Monitoring policy. C. and D. It is also important to note that between April 2020 and June 2022 the Department was involved in the State?s strategic response to the COVID-19 pandemic. During this time, New Hampshire was under a state of emergency (Executive Order 2020-04), processes were rapidly converted to fully digital overnight, the State?s standard approval processes were suspended and non-standard templates, which did not include the required notifications under 200.332, were utilized to respond to the COVID-19 pandemic. The Department worked with other State Departments and the National Guard to create a record number of amendments, contracts, and other agreements (approximately 200% more than standard). The Department is in the process of instituting a new contract life cycle management solution that will utilize conditional logic to include the required notifications for agreements involving federal funds in order to ensure compliance. Implementation is anticipated to be complete in July 2023. As the COVID-19 pandemic strategic response has wound down, the Department has not suspended its regular standard approval or subrecipient risk assessment and monitoring processes and has not used non-standard templates to award federal funding. E. We concur there was no formal documentation of any monitoring activity. Due to staff turnover a new administrator has been hired and unable to furnish the monitoring that took place during FY22. However, a program site review during FY23 was performed and financial monitoring of invoices has also taken place. Anticipated Completion Date: July, 2023 Contact Person: Melissa Kelleher, Administrator Rejoinder As documented above in Bullet B of the condition found, the Department did not properly communicate all required award information to the subrecipient. Once aware of the noncompliance, the Department should have timely communicated this information to its subrecipients.
Finding Reference Number: 2022-025 NH Department of Energy Low Income Home Energy Assistance and COVID-19 Low Income Home Energy Assistance (Assistance Listing #93.568) Federal Award Numbers: 2001NHLEA, 2001NHLIE4, 2001NH5C3, 2101NHLIEA, 2101NHE5C6, 2201NHLIEA, 2101NHLIE4 Federal Award Year: 2020, 2021, 2022 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2021-027 Statistically Valid Sample: No Criteria A pass-through entity must: 1. Clearly identify to the subrecipient required award information and applicable requirements described in 2 CFR section 200.332(a); 2. Evaluate each subrecipient?s risk of noncompliance for the purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 300.332(b)); 3. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required through the terms and conditions of the award, subaward monitoring must include following up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means; and 4. Issuing a management decision for audit findings pertaining to federal award provided to the subrecipient from the subrecipient as required by 2 CFR section 200.521. Additionally, Title 45 U.S. Code of Federal Regulation Part 75 (45 CFR section 75), Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HS Awards, section 75.303(a), Internal Controls, states the non-Federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-Federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Condition As part of the Low-Income Home Energy Assistance program (LIHEAP), the New Hampshire Department of Energy (the Department) enters into grant agreements with local entities to provide services related to the eligibility determination process for the LIHEAP program (including the calculation of participant benefits) and payment of benefits to fuel providers. During the year ended June 30, 2022, $37,990,873 was passed through to subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following as of the year ending June 30, 2022: A. The Department communicates award information to subrecipients through the approved grant agreement. Per review of the grant agreement, for each of the 3 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332. Specifically, the following elements were not communicated: a. Federal Award Identification Number (FAIN) b. Federal award date c. Indirect cost rate for federal awards (including if the deminimus rate is charged per 2 CFR section 200.414) d. Identification of whether the award is R&D B. The Department performed a risk assessment for each of the 3 subrecipients selected for testwork. As part of the risk assessment process, a score was given to each subrecipient with corresponded to a particular risk assessment, such as higher or average risk. The Department however does not have a formal risk assessment policy so it was unclear what additional monitoring procedures should have been performed for each subrecipient based upon their assigned risk. C. For 2 of 3 programmatic monitoring reviews selected for testwork, the Department did not tissue its programmatic monitoring reports to the subrecipient timely after the monitoring review was completed. As a result, there was a delay in the subrecipient implementing its corrective action plan to address the findings identified during the programmatic monitoring review. Specifically, we noted the following: a. For 1 of 2 programmatic monitoring reviews, the monitoring review took place on April 14, 2022, but the report to the subrecipient was not issued until September 2022. Per review of the report that was issued, there were findings identified by the Department that warranted corrective action. Due to the delay in issuing the report, a corrective action plan was not obtained from the subrecipient until 5 months after the date of that the monitoring review took place b. For 1 of 2 programmatic monitoring reviews, the monitoring review took place on April 12, 2022, but the report to the subrecipient was not issued until July 2022. Per review of the report that was issued, there were findings identified by the Department that warranted corrective action. Due to the delay in issuing the report, a corrective action plan was not obtained from the subrecipient until 3 months after the date that the monitoring review took place. D. For all 3 subrecipients selected for testwork, the Department did not complete its annual fiscal monitoring review during the audit period as required by their monitoring policy. E. During our testwork over the Department?s review of subrecipient uniform guidance reports, we noted the following: a. The Department does not track the receipt of uniform guidance reports. As a result, we were unable to determine when the uniform guidance reports were received by the Department to ensure they are reviewed timely. Specifically, we noted: i. For 1 of 3 subrecipients, the subrecipient?s uniform guidance appeared to have been reviewed, but as the Department does not track the receipt of uniform guidance reports, it was unclear if it was reviewed timely. We did note based on the date that the uniform guidance report was issued, the management decision letter was not issued within 6 months of the date of the report being issued as required by 2 CRF 200.521 (d). ii. For 2 of 3 subrecipients selected for testwork, we were unable to obtain evidence to support that the Department had obtained and reviewed the subrecipient?s uniform guidance report. F. The Annual Report on Households Assisted by LIHEAP contains data that is specific to benefits paid to eligible participants. The data that is used to compile the annual report is obtained from case data that is reported to the New Hampshire Department of Energy (the Department) from its subrecipients as the Department has entered into grant agreements with third parties who are responsible for the eligibility determination and benefit payment process. As part of our subrecipient monitoring testwork, we were unable to verify that the Department had performed any monitoring procedures over the data provided by each subrecipient to ensure that the data reported within the annual report was complete and accurate. Cause The cause of the condition found was primarily due to insufficient documented subrecipient policies and procedures to ensure that adequate monitoring is performed over subrecipients to align with the risk assessments performed. The monitoring procedures that are in place to not include the completeness and accuracy of the data submitted by the subrecipient utilized to compile federal reports. Further, the Department does not have sufficient internal controls and procedures to ensure results of monitoring visits are performed and results communicated timely to subrecipient or to ensure that subrecipient uniform guidance reports are obtained and reviewed timely. In addition, there are insufficient internal controls in place to review the grant agreements to ensure that all required data elements are communicated to the subrecipient in accordance with 2 CFR section 300.332(b). Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(a), section 200.332(b) and 2 CFR section 200.521. Questioned Costs None. Recommendation We recommend that the Department formalize, policies and procedures and implement the necessary internal controls to ensure that the Department complies with the provisions of 2 CFR section 200.332(a), 2 CFR section 200.332(b) and 2 CFR section 200.251. This would include ensuring that: 1. All required award information is communicated to subrecipients; 2. A documented risk assessment is performed over all subrecipients and the results of that risk assessment is used to evaluate the types of monitoring procedures that will be performed over the subrecipient including the review of data utilized by the Department to compile federal reports; 3. As a result of the risk assessment performed, monitoring activities are performed over subrecipients to ensure compliance with the terms and conditions of its subrecipient grant agreement. The results of all monitoring reviews should be timely communicated in accordance with the Department?s policies to the subrecipient and actions requiring corrective action plan should be followed up on to ensure that the matter is resolved; and 4. Ensure that all uniform guidance reports are collected and reviewed timely so that a management decision letter can be issued within the time period required by federal regulations. View of Responsible Officials The Department of Energy recognizes the need to include all required information to be communicated to sub-recipients, and that all sub-recipients? risk assessments are thoroughly completed. In addition, uniform guidance reports need to be collected and reviewed to ensure that management letters be issued within the required timeframe. Anticipated Completion Date: Ongoing Contact Person Eileen Smiglowski, NH LIHEAP Administrator
Finding Reference Number: 2022-025 NH Department of Energy Low Income Home Energy Assistance and COVID-19 Low Income Home Energy Assistance (Assistance Listing #93.568) Federal Award Numbers: 2001NHLEA, 2001NHLIE4, 2001NH5C3, 2101NHLIEA, 2101NHE5C6, 2201NHLIEA, 2101NHLIE4 Federal Award Year: 2020, 2021, 2022 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2021-027 Statistically Valid Sample: No Criteria A pass-through entity must: 1. Clearly identify to the subrecipient required award information and applicable requirements described in 2 CFR section 200.332(a); 2. Evaluate each subrecipient?s risk of noncompliance for the purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 300.332(b)); 3. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required through the terms and conditions of the award, subaward monitoring must include following up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means; and 4. Issuing a management decision for audit findings pertaining to federal award provided to the subrecipient from the subrecipient as required by 2 CFR section 200.521. Additionally, Title 45 U.S. Code of Federal Regulation Part 75 (45 CFR section 75), Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HS Awards, section 75.303(a), Internal Controls, states the non-Federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-Federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Condition As part of the Low-Income Home Energy Assistance program (LIHEAP), the New Hampshire Department of Energy (the Department) enters into grant agreements with local entities to provide services related to the eligibility determination process for the LIHEAP program (including the calculation of participant benefits) and payment of benefits to fuel providers. During the year ended June 30, 2022, $37,990,873 was passed through to subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following as of the year ending June 30, 2022: A. The Department communicates award information to subrecipients through the approved grant agreement. Per review of the grant agreement, for each of the 3 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332. Specifically, the following elements were not communicated: a. Federal Award Identification Number (FAIN) b. Federal award date c. Indirect cost rate for federal awards (including if the deminimus rate is charged per 2 CFR section 200.414) d. Identification of whether the award is R&D B. The Department performed a risk assessment for each of the 3 subrecipients selected for testwork. As part of the risk assessment process, a score was given to each subrecipient with corresponded to a particular risk assessment, such as higher or average risk. The Department however does not have a formal risk assessment policy so it was unclear what additional monitoring procedures should have been performed for each subrecipient based upon their assigned risk. C. For 2 of 3 programmatic monitoring reviews selected for testwork, the Department did not tissue its programmatic monitoring reports to the subrecipient timely after the monitoring review was completed. As a result, there was a delay in the subrecipient implementing its corrective action plan to address the findings identified during the programmatic monitoring review. Specifically, we noted the following: a. For 1 of 2 programmatic monitoring reviews, the monitoring review took place on April 14, 2022, but the report to the subrecipient was not issued until September 2022. Per review of the report that was issued, there were findings identified by the Department that warranted corrective action. Due to the delay in issuing the report, a corrective action plan was not obtained from the subrecipient until 5 months after the date of that the monitoring review took place b. For 1 of 2 programmatic monitoring reviews, the monitoring review took place on April 12, 2022, but the report to the subrecipient was not issued until July 2022. Per review of the report that was issued, there were findings identified by the Department that warranted corrective action. Due to the delay in issuing the report, a corrective action plan was not obtained from the subrecipient until 3 months after the date that the monitoring review took place. D. For all 3 subrecipients selected for testwork, the Department did not complete its annual fiscal monitoring review during the audit period as required by their monitoring policy. E. During our testwork over the Department?s review of subrecipient uniform guidance reports, we noted the following: a. The Department does not track the receipt of uniform guidance reports. As a result, we were unable to determine when the uniform guidance reports were received by the Department to ensure they are reviewed timely. Specifically, we noted: i. For 1 of 3 subrecipients, the subrecipient?s uniform guidance appeared to have been reviewed, but as the Department does not track the receipt of uniform guidance reports, it was unclear if it was reviewed timely. We did note based on the date that the uniform guidance report was issued, the management decision letter was not issued within 6 months of the date of the report being issued as required by 2 CRF 200.521 (d). ii. For 2 of 3 subrecipients selected for testwork, we were unable to obtain evidence to support that the Department had obtained and reviewed the subrecipient?s uniform guidance report. F. The Annual Report on Households Assisted by LIHEAP contains data that is specific to benefits paid to eligible participants. The data that is used to compile the annual report is obtained from case data that is reported to the New Hampshire Department of Energy (the Department) from its subrecipients as the Department has entered into grant agreements with third parties who are responsible for the eligibility determination and benefit payment process. As part of our subrecipient monitoring testwork, we were unable to verify that the Department had performed any monitoring procedures over the data provided by each subrecipient to ensure that the data reported within the annual report was complete and accurate. Cause The cause of the condition found was primarily due to insufficient documented subrecipient policies and procedures to ensure that adequate monitoring is performed over subrecipients to align with the risk assessments performed. The monitoring procedures that are in place to not include the completeness and accuracy of the data submitted by the subrecipient utilized to compile federal reports. Further, the Department does not have sufficient internal controls and procedures to ensure results of monitoring visits are performed and results communicated timely to subrecipient or to ensure that subrecipient uniform guidance reports are obtained and reviewed timely. In addition, there are insufficient internal controls in place to review the grant agreements to ensure that all required data elements are communicated to the subrecipient in accordance with 2 CFR section 300.332(b). Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(a), section 200.332(b) and 2 CFR section 200.521. Questioned Costs None. Recommendation We recommend that the Department formalize, policies and procedures and implement the necessary internal controls to ensure that the Department complies with the provisions of 2 CFR section 200.332(a), 2 CFR section 200.332(b) and 2 CFR section 200.251. This would include ensuring that: 1. All required award information is communicated to subrecipients; 2. A documented risk assessment is performed over all subrecipients and the results of that risk assessment is used to evaluate the types of monitoring procedures that will be performed over the subrecipient including the review of data utilized by the Department to compile federal reports; 3. As a result of the risk assessment performed, monitoring activities are performed over subrecipients to ensure compliance with the terms and conditions of its subrecipient grant agreement. The results of all monitoring reviews should be timely communicated in accordance with the Department?s policies to the subrecipient and actions requiring corrective action plan should be followed up on to ensure that the matter is resolved; and 4. Ensure that all uniform guidance reports are collected and reviewed timely so that a management decision letter can be issued within the time period required by federal regulations. View of Responsible Officials The Department of Energy recognizes the need to include all required information to be communicated to sub-recipients, and that all sub-recipients? risk assessments are thoroughly completed. In addition, uniform guidance reports need to be collected and reviewed to ensure that management letters be issued within the required timeframe. Anticipated Completion Date: Ongoing Contact Person Eileen Smiglowski, NH LIHEAP Administrator
Criteria or specific requirement: According to ? 2 CFR 200.332 Requirements for Pass-through Entities, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition: The Organization lacked a process to complete a risk assessment that would allow the Organization to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Questioned costs: None. Context: We noted the Organization is not in compliance with the requirements defined within 2 CFR ?200.332(b). Cause: The Organization lacks established internal controls and procedures that ensure a risk assessment is performed on all Subrecipients. Effect: The lack of internal controls over this compliance requirement provides an opportunity for noncompliance. Appropriate subrecipient monitoring may not be determined as there are no risk assessments being performed. Repeat Finding: Yes: 2021-003 Recommendation: We recommend the Organization revise their Subrecipient Monitoring Policy to include performing subrecipient risk assessments on all subrecipient relationships that the Organization enters into. Views of responsible officials: Management concurs with the finding. While the Subrecipient Monitoring Policy was updated, Mental Health Partners did not have procedures in place to ensure risk assessments were performed on all subrecipients for each grant period. The Controller, Grants Manager, and Contracts Manager are currently updating the internal controls and procedures to ensure that risk assessments are performed for each subrecipient for each grant period in compliance with 2 CFR 200.332(b).
Criteria or specific requirement: According to ? 2 CFR 200.332 Requirements for Pass-through Entities, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition: The Organization lacked a process to complete a risk assessment that would allow the Organization to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Questioned costs: None. Context: We noted the Organization is not in compliance with the requirements defined within 2 CFR ?200.332(b). Cause: The Organization lacks established internal controls and procedures that ensure a risk assessment is performed on all Subrecipients. Effect: The lack of internal controls over this compliance requirement provides an opportunity for noncompliance. Appropriate subrecipient monitoring may not be determined as there are no risk assessments being performed. Repeat Finding: Yes: 2021-003 Recommendation: We recommend the Organization revise their Subrecipient Monitoring Policy to include performing subrecipient risk assessments on all subrecipient relationships that the Organization enters into. Views of responsible officials: Management concurs with the finding. While the Subrecipient Monitoring Policy was updated, Mental Health Partners did not have procedures in place to ensure risk assessments were performed on all subrecipients for each grant period. The Controller, Grants Manager, and Contracts Manager are currently updating the internal controls and procedures to ensure that risk assessments are performed for each subrecipient for each grant period in compliance with 2 CFR 200.332(b).
Criteria or specific requirement: According to ? 2 CFR 200.332 Requirements for Pass-through Entities, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Condition: The Organization lacked a process to complete a risk assessment that would allow the Organization to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Questioned costs: None. Context: We noted the Organization is not in compliance with the requirements defined within 2 CFR ?200.332(b). Cause: The Organization lacks established internal controls and procedures that ensure a risk assessment is performed on all Subrecipients. Effect: The lack of internal controls over this compliance requirement provides an opportunity for noncompliance. Appropriate subrecipient monitoring may not be determined as there are no risk assessments being performed. Repeat Finding: Yes: 2021-003 Recommendation: We recommend the Organization revise their Subrecipient Monitoring Policy to include performing subrecipient risk assessments on all subrecipient relationships that the Organization enters into. Views of responsible officials: Management concurs with the finding. While the Subrecipient Monitoring Policy was updated, Mental Health Partners did not have procedures in place to ensure risk assessments were performed on all subrecipients for each grant period. The Controller, Grants Manager, and Contracts Manager are currently updating the internal controls and procedures to ensure that risk assessments are performed for each subrecipient for each grant period in compliance with 2 CFR 200.332(b).
Assistance Listings number and name: 97.024 Emergency Food and Shelter National Board Program Award number and year: 0727200-056, April 1, 2021 through September 30, 2022 Federal agency: Federal Emergency Management Agency Pass-through grantor: United Way Compliance requirement: Subrecipient monitoring Questioned costs: Unknown Condition?The County?s Grants Management and Innovation Department awarded $1.6 million to 1 of 2 subrecipients during the year, or 15 percent of the Department?s $10.6 million total program expenditures, but did not perform all the required monitoring activities of the subrecipient?s activities or compliance with the award terms and program requirements. Specifically, the Department performed insufficient monitoring during the year, which consisted only of reviewing and approving the subrecipient?s invoices of program expenditures for reimbursement. However, those monitoring procedures alone were not sufficient to evaluate whether the subrecipient used program monies in accordance with the award terms and program requirements. Effect?The Department?s lack of required monitoring increased the risk that the $1.6 million of program monies the Department awarded to this subrecipient may not have been spent in accordance with the award terms and program requirements. Cause?Department management reported that it had a previous contractor relationship with the subrecipient and had not reevaluated the substance of its federal award agreement with it, as required by federal regulation, to properly identify the need to implement subrecipient monitoring procedures. Criteria?Federal regulations require the County to evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program?s requirements that the County should monitor (2 Code of Federal Regulation [CFR] ?200.331). Additionally, federal regulations require the County to monitor subrecipients, which includes required monitoring procedures for assessing the risk of each subrecipient?s noncompliance and monitoring activities based on those risk assessments; verifying single audits were conducted timely; following up on and ensuring corrective action is taken on audit findings that could potentially affect the program; and issuing a management decision for audit findings pertaining to the federal award. Those federal regulations also provide that monitoring procedures may include reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing onsite reviews, selective audits, and/or other monitoring procedures (2 CFR ?200.332[b] and [d ? e]). Also, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that the federal program is being managed in compliance with all applicable laws, regulations, and award terms (2 CFR ?200.303). Recommendations?The Department should: 1. Evaluate the substance of its federal award agreements with other parties to determine whether each of the other parties receiving the monies have the role of a subrecipient or contractor and whether they are required to comply with any of the federal program?s requirements that the Department should monitor. 2. Ensure it performs required monitoring of its subrecipients and their compliance with the award terms and program requirements by following its existing policies and procedures that require the Department to: a. Assess the risk of each subrecipient?s noncompliance and carry out monitoring activities based on those risk assessments such as reviewing financial and performance reports, providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on any audit findings that could potentially affect the program, and issue management decisions for any audit findings pertaining to the federal award. c. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures? results and any County actions taken, if appropriate. The County?s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Finding 2022-079 Minerals Leasing Act?Subrecipient Monitoring In 1920, the U.S. Congress passed the Minerals Leasing Act. This Act directs the federal Office of Natural Resources Revenue (ONRR) within the U.S. Department of the Interior to share 50 percent of mineral leasing revenue received by the ONRR with states that generate mineral lease revenue. Mineral lease revenue results from payments made to the federal government by companies that lease federal land for the right to extract minerals from that land. According to the Act, revenue is to be used by states as each individual state?s legislature directs, giving priority to those sections of the state that are socially or economically impacted by the extraction of minerals. For Colorado, ONRR distributes Program funds to Treasury, which subgrants?or passes through?Program funds to the Department of Local Affairs (DOLA), the Department of Natural Resources (DNR), the Department of Higher Education (DHE), and the Department of Education (DOE), as prescribed by Section 34-63-102, C.R.S. In turn, DOLA passes the majority of the Program funds it receives to local governments impacted by mineral leasing, such as cities and counties. These local governments are considered subrecipients of the Program, and may use Program monies for ??planning; construction and maintenance of public facilities; and provision of public services.? During Fiscal Year 2022, ONRR distributed approximately $124.9 million in Program revenue to Treasury. Treasury passed all of the Program funds to DOLA, DNR, DHE, and DOE. DOLA then passed approximately $49.2 million of the $52.2 million in Program funds it received to local government subrecipients. DOLA retained the remaining $3.0 million in Program funds to cover administrative costs. DNR, DOE, and DHE spent the Program funds at the state level and did not pass any of the funds through to subrecipients. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether Treasury had adequate internal controls in place over, and complied with, federal subrecipient monitoring and reporting requirements for the Program during Fiscal Year 2022. As part of our testing, we reviewed Treasury?s progress in implementing our Fiscal Year 2020 audit recommendation related to subrecipient monitoring and reporting requirements for the Program. During that audit, we recommended that Treasury strengthen its internal controls to ensure that it complies with federal requirements for subrecipient monitoring and reporting for the Program by developing an effective monitoring process to ensure that required federal award information is communicated to Program subrecipients, including the Assistance Listing Number, program name, federal awarding agency, name of the department awarding the Program monies, Treasury department contact information, and dollar amount. In addition, we recommended that Treasury implement procedures to accurately prepare and submit the Exhibit K1, Schedule of Federal Assistance, to the Office of the State Controller (OSC) for reporting federal assistance information each year and to ensure the Exhibit K1 accurately reflects Program expenditures. During our Fiscal Year 2022 audit, we inquired about Treasury?s monitoring procedures over its Program subrecipients, including its required communications. We also reviewed Treasury?s Exhibit K1 to verify the accuracy of the information reported to the OSC and to assess Treasury?s compliance with federal reporting requirements and the OSC?s instructions. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: Federal regulations [2 CFR 200.303] require that Treasury, as a federal grant recipient, establish and maintain effective internal controls over federal awards that provide reasonable assurance that awards are being managed in compliance with federal statutes, regulation, and the terms and conditions of the federal award. Federal regulations [2 CFR 200.332] further require that Treasury, as the primary recipient of the Program monies, ensure that every subaward it makes is clearly identified to the subrecipient as a subaward, and that Treasury provides specific information about the Program to the subrecipients, including, but not limited to, the following: ? Assistance Listing Number ? Name of the program, name of the federal awarding agency, and name of the department awarding the Program monies ? Contact information for Treasury ? Dollar amount made available to the subrecipient ? Reporting requirements The State and any local governments receiving federal funds are required to present a Schedule of Expenditures of Federal Awards (SEFA) in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Federal regulations [2 CFR 200.501(b)] specifically require that the SEFA include information on each federal award expended during the year, including the total amount provided to subrecipients from each federal award. Any non-federal entity that expends $750,000 or more in total federal awards during the entity?s fiscal year must undergo a Single Audit or program-specific audit for that year. Federal regulations [2 CFR 200.332(f)] further require that Treasury, as the primary recipient of the Program funds, ensure that any non-state subrecipients receiving federal funds from the State during a given fiscal year report the funds on their respective SEFAs and, if applicable, undergo a Single Audit. The Exhibit K1 is used to report federal expenditure information to the OSC to aid the OSC in preparing the State?s SEFA, which reports the total federal awards expended by the State during the fiscal year. The instructions state that the OSC relies on the accuracy of amounts and other information reported on the Exhibit in preparing the SEFA. What problem did the audit work identify? We found that Treasury did not fully implement our prior audit recommendation related to federal subrecipient monitoring for the Program during Fiscal Year 2022. Specifically, we found that Treasury did not communicate, or ensure that DOLA communicated, the required award information and applicable federal compliance requirements to all Program subrecipients in accordance with federal regulations. In response to our prior audit recommendation, Treasury reported that they met with DOLA staff in June 2022 to discuss an interagency agreement that would establish expectations for DOLA to communicate required federal award information and applicable federal compliance requirements for this Program to subrecipients. However, as of the end of the fiscal year, this interagency agreement was not signed or in place. Further, Treasury, as the primary recipient of the Program funds, did not ensure that it or DOLA communicated and followed up with any non-state subrecipients receiving federal funds from the State during Fiscal Year 2022 to ensure the subrecipients reported the funds on their respective SEFAs and, if applicable, underwent a Single Audit. We determined that Treasury implemented part of our prior audit recommendation related to the preparation of its Exhibit K1 in accordance with federal requirements. Specifically, Treasury received information from pass-through departments in order to properly determine whether Program funds ultimately flowed through to subrecipients and reported these funds as ?Expenditures -Passed Through to Subrecipient? on Treasury?s Exhibit K1. Why did this problem occur? Treasury did not have adequate internal controls in place during Fiscal Year 2022 to ensure that it complied with federal subrecipient monitoring requirements for the Program. Specifically, Treasury staff did not effectively communicate with DOLA staff about their responsibility for subrecipient reporting or have a monitoring process in place to ensure that either Treasury or DOLA staff communicated required federal award information and related federal reporting requirements to all subrecipients of Program funds, including a communication that any subrecipients receiving Program funds from the State during Fiscal Year 2022 are required to report the funds on their respective SEFAs and, if applicable, undergo a Single Audit. Why does this problem matter? By not communicating required information to subrecipients, Treasury failed to comply with federal subrecipient monitoring requirements for the Program. This communication is necessary to ensure that subrecipients are aware of the federal requirements for the funds, including the requirement that local governments properly report federal expenditures on their SEFAs. Treasury?s insufficient monitoring of Program subrecipients could result in future federal funding being reduced. In addition, if Treasury does not appropriately communicate SEFA reporting requirements to other state agencies and non-state subrecipients in the future, it could ultimately result in local governments not undergoing Single Audits, as required. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-079 The Department of the Treasury (Treasury) should strengthen its internal controls to ensure that it complies with federal requirements for subrecipient monitoring and reporting for the Minerals Leasing Act program (Program). This should include developing effective processes to ensure that required federal award information, including the Assistance Listing Number, federal program name, and dollar amount made available to the subrecipient, and the related federal requirements are communicated to Program subrecipients, and that the subrecipients report the funds on their respective annual Schedules of Expenditures of Federal Awards and, if applicable, undergo a Single Audit. Response Department of The Treasury Agree Implementation Date: June 30, 2023 The Department of the Treasury (Treasury) strengthened its internal controls with DOLA?s agreement to disseminate the necessary information to the subrecipients in compliance with federal requirements for subrecipient monitoring and reporting for the Minerals Leasing Act program (Program) at the earliest possible opportunity following receipt of the recommendation in the previous FYE?s report as the monitoring and reporting for the Program could only be performed following the annual distribution of such funds which took place subsequent to FYE 2022. The Department will formalize an Interagency Agreement with DOLA and any other relevant parties, incorporating additional corrective action before the stated date above (June 30, 2023).
Finding 2022-076 Compliance with Federal Subrecipient Monitoring Requirements The Department receives federal grant funds directly from the federal government for the Highway Planning and Construction Program (Program) and then subgrants, or passes through, a portion of the funds to cities and counties and other organizations that are considered to be either a subrecipient or a contractor. A subrecipient is a non-federal entity that expends federal awards received from a pass-through entity to carry out a federal program, but does not include an individual that is a beneficiary receiving direct payments from such a program. A contractor is a dealer, distributor, merchant, or other seller providing goods or services that are required to conduct a federal program; these goods or services may be for an organization?s own use or for the use of beneficiaries of the federal program. The Department executes an Intergovemental Agreement (IGA) between the Department and the subrecipient. Under Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), the Department is responsible for evaluating each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward and for ultimately ensuring the subrecipient is determined eligible. In some instances, in coordination with the Federal Highway Association (FHWA), a Metropolitan Planning Organization (MPO)? rather than the primary recipient, such as the Department?is responsible for performing eligibility determinations. As such, in those instances, the Department does not perform risk-assessments on these contracts and only is responsible for on-going monitoring. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the Department had effective internal controls in place and complied with subrecipient monitoring activities for the Program during Fiscal Year 2022. As part of our audit work, we reviewed the Department?s internal controls over compliance for subrecipient monitoring requirements for the Program, including the Department?s policies and procedures. We tested a random sample of 25 of the Department?s 92 subrecipients (27 percent) for the Program?for which the Department had an IGA in place during Fiscal Year 2022?to determine whether subrecipient monitoring procedures performed by Department staff during the year were compliant with federal regulations. Our testing included evaluating whether the Department performed risk assessments and determined the appropriate level of subrecipient monitoring for the entities, as required by federal Uniform Guidance. How were the results of the audit work measured? Our audit work was designed to measure the Department?s compliance with the following criteria: ? Federal regulations [2 CFR 200.303] state that the Department, as a federal grant recipient, must ?establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulation, and the terms and conditions of the Federal award.? ? Federal regulations [2 CFR 200.332(b)] also state that the Department must evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward and may include various factors. ? Federal regulations [2 CFR 200.332(d) through (f)] and [2 CFR 200.521] further require the Department to monitor the activities of its subrecipients, as necessary, to ensure that each subaward is used for authorized purposes, the subrecipient complies with the terms and conditions of the subaward, and that the subrecipient achieves performance goals. The Department?s monitoring must include: o Reviewing financial and programmatic reports submitted by the subrecipient o Following-up on and ensuring the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity What problems did the audit work identify? We determined that the Department did not comply with subrecipient monitoring requirements for the Highway Planning and Construction Program during Fiscal Year 2022, as noted below: ? The Department did not perform a risk assessment for 6 of the 25 subrecipients (24 percent) we tested, including subrecipients where eligibility was determined by a MPO. ? The Department improperly included one vendor in our population of subrecipients. The nature of services provided by the vendor was personal services, therefore, did not require the execution of an IGA. ? The Department did not provide supporting documentation for reviews of any Fiscal Year 2022 financial and programmatic reports. As a result, we were unable to determine if any reviews were conducted during the fiscal year, as required. Why did these problems occur? While the Department has created a subrecipient monitoring and risk assessment manual, the manual lacks clarity in a variety of areas, including the following: ? For contracts which extend over multiple fiscal years, the policies do not specify the frequency in which subrecipient risk-assessment should be reviewed or updated. ? There are multiple types of subrecipient contracts for which the full risk-assessment process may not be applicable, however, the current policies do not address acceptable exceptions to the policy. ? The Department?s current policies do not include guidance related to the review of financial and programmatic reports, including the extent to which required programmatic and financial reports should be obtained and reviewed. ? The Department?s policies and procedures do not clearly indicate that the Department is not required to complete a risk assessment when an MPO determines eligibility and therefore the nature of monitoring procedures to be performed is not defined. ? Requested audit documentation was not provided timely. Further, the Department did not provide sufficiently-detailed training to staff to ensure they were aware of and conducted required subrecipient monitoring responsibilities. Why do these problems matter? Performing timely and appropriate monitoring of subrecipients provides the Department with a method to ensure its subrecipients are complying with applicable federal grant requirements. By taking appropriate actions based on the results of its subrecipient monitoring activities, the Department can mitigate the risk of providing continuing funding to entities that may not be using funds in accordance with program requirements. Overall, the Department?s failure to comply with federal requirements could result in a loss of funding from the federal government. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-076 The Department of Transportation should strengthen internal controls over and ensure that it complies with federal subrecipient monitoring requirements for the Highway Planning and Construction program by: A. Updating its current subrecipient monitoring and risk assessment policy to clarify the frequency in which a risk assessment is required to be completed or updated, as applicable for contracts that span multiple fiscal years, as well as direction regarding when it is acceptable to forgo performing a risk assessment and updating the policy to address the nature in which subrecipient programmatic and financial reports are reviewed B. Providing training to staff responsible for subrecipient monitoring activities related to the policies updated in Part A of the finding. Response Department of Transportation A. Agree Implementation Date: November 2023 The Department will update the policy to clarify the frequency in which the risk assessment is required to be completed or updated as applicable for contracts that span multiple fiscal years, as well as identifying exceptions, outlining when it is acceptable to forgo risk assessments. The Department will also update the policy to address the nature in which the subrecipient programmatic and financial reports are reviewed. The updates will be completed by November 2023. B. Agree Implementation Date: November 2023 The Department will provide training on the subrecipient monitoring policy manual to outline roles, responsibilities and the frequency of risk assessments that span over multiple fiscal years. The training will also provide guidance on the programmatic and financial information review process.
Finding 2022-076 Compliance with Federal Subrecipient Monitoring Requirements The Department receives federal grant funds directly from the federal government for the Highway Planning and Construction Program (Program) and then subgrants, or passes through, a portion of the funds to cities and counties and other organizations that are considered to be either a subrecipient or a contractor. A subrecipient is a non-federal entity that expends federal awards received from a pass-through entity to carry out a federal program, but does not include an individual that is a beneficiary receiving direct payments from such a program. A contractor is a dealer, distributor, merchant, or other seller providing goods or services that are required to conduct a federal program; these goods or services may be for an organization?s own use or for the use of beneficiaries of the federal program. The Department executes an Intergovemental Agreement (IGA) between the Department and the subrecipient. Under Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), the Department is responsible for evaluating each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward and for ultimately ensuring the subrecipient is determined eligible. In some instances, in coordination with the Federal Highway Association (FHWA), a Metropolitan Planning Organization (MPO)? rather than the primary recipient, such as the Department?is responsible for performing eligibility determinations. As such, in those instances, the Department does not perform risk-assessments on these contracts and only is responsible for on-going monitoring. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the Department had effective internal controls in place and complied with subrecipient monitoring activities for the Program during Fiscal Year 2022. As part of our audit work, we reviewed the Department?s internal controls over compliance for subrecipient monitoring requirements for the Program, including the Department?s policies and procedures. We tested a random sample of 25 of the Department?s 92 subrecipients (27 percent) for the Program?for which the Department had an IGA in place during Fiscal Year 2022?to determine whether subrecipient monitoring procedures performed by Department staff during the year were compliant with federal regulations. Our testing included evaluating whether the Department performed risk assessments and determined the appropriate level of subrecipient monitoring for the entities, as required by federal Uniform Guidance. How were the results of the audit work measured? Our audit work was designed to measure the Department?s compliance with the following criteria: ? Federal regulations [2 CFR 200.303] state that the Department, as a federal grant recipient, must ?establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulation, and the terms and conditions of the Federal award.? ? Federal regulations [2 CFR 200.332(b)] also state that the Department must evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward and may include various factors. ? Federal regulations [2 CFR 200.332(d) through (f)] and [2 CFR 200.521] further require the Department to monitor the activities of its subrecipients, as necessary, to ensure that each subaward is used for authorized purposes, the subrecipient complies with the terms and conditions of the subaward, and that the subrecipient achieves performance goals. The Department?s monitoring must include: o Reviewing financial and programmatic reports submitted by the subrecipient o Following-up on and ensuring the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity What problems did the audit work identify? We determined that the Department did not comply with subrecipient monitoring requirements for the Highway Planning and Construction Program during Fiscal Year 2022, as noted below: ? The Department did not perform a risk assessment for 6 of the 25 subrecipients (24 percent) we tested, including subrecipients where eligibility was determined by a MPO. ? The Department improperly included one vendor in our population of subrecipients. The nature of services provided by the vendor was personal services, therefore, did not require the execution of an IGA. ? The Department did not provide supporting documentation for reviews of any Fiscal Year 2022 financial and programmatic reports. As a result, we were unable to determine if any reviews were conducted during the fiscal year, as required. Why did these problems occur? While the Department has created a subrecipient monitoring and risk assessment manual, the manual lacks clarity in a variety of areas, including the following: ? For contracts which extend over multiple fiscal years, the policies do not specify the frequency in which subrecipient risk-assessment should be reviewed or updated. ? There are multiple types of subrecipient contracts for which the full risk-assessment process may not be applicable, however, the current policies do not address acceptable exceptions to the policy. ? The Department?s current policies do not include guidance related to the review of financial and programmatic reports, including the extent to which required programmatic and financial reports should be obtained and reviewed. ? The Department?s policies and procedures do not clearly indicate that the Department is not required to complete a risk assessment when an MPO determines eligibility and therefore the nature of monitoring procedures to be performed is not defined. ? Requested audit documentation was not provided timely. Further, the Department did not provide sufficiently-detailed training to staff to ensure they were aware of and conducted required subrecipient monitoring responsibilities. Why do these problems matter? Performing timely and appropriate monitoring of subrecipients provides the Department with a method to ensure its subrecipients are complying with applicable federal grant requirements. By taking appropriate actions based on the results of its subrecipient monitoring activities, the Department can mitigate the risk of providing continuing funding to entities that may not be using funds in accordance with program requirements. Overall, the Department?s failure to comply with federal requirements could result in a loss of funding from the federal government. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-076 The Department of Transportation should strengthen internal controls over and ensure that it complies with federal subrecipient monitoring requirements for the Highway Planning and Construction program by: A. Updating its current subrecipient monitoring and risk assessment policy to clarify the frequency in which a risk assessment is required to be completed or updated, as applicable for contracts that span multiple fiscal years, as well as direction regarding when it is acceptable to forgo performing a risk assessment and updating the policy to address the nature in which subrecipient programmatic and financial reports are reviewed B. Providing training to staff responsible for subrecipient monitoring activities related to the policies updated in Part A of the finding. Response Department of Transportation A. Agree Implementation Date: November 2023 The Department will update the policy to clarify the frequency in which the risk assessment is required to be completed or updated as applicable for contracts that span multiple fiscal years, as well as identifying exceptions, outlining when it is acceptable to forgo risk assessments. The Department will also update the policy to address the nature in which the subrecipient programmatic and financial reports are reviewed. The updates will be completed by November 2023. B. Agree Implementation Date: November 2023 The Department will provide training on the subrecipient monitoring policy manual to outline roles, responsibilities and the frequency of risk assessments that span over multiple fiscal years. The training will also provide guidance on the programmatic and financial information review process.
Finding 2022-076 Compliance with Federal Subrecipient Monitoring Requirements The Department receives federal grant funds directly from the federal government for the Highway Planning and Construction Program (Program) and then subgrants, or passes through, a portion of the funds to cities and counties and other organizations that are considered to be either a subrecipient or a contractor. A subrecipient is a non-federal entity that expends federal awards received from a pass-through entity to carry out a federal program, but does not include an individual that is a beneficiary receiving direct payments from such a program. A contractor is a dealer, distributor, merchant, or other seller providing goods or services that are required to conduct a federal program; these goods or services may be for an organization?s own use or for the use of beneficiaries of the federal program. The Department executes an Intergovemental Agreement (IGA) between the Department and the subrecipient. Under Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), the Department is responsible for evaluating each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward and for ultimately ensuring the subrecipient is determined eligible. In some instances, in coordination with the Federal Highway Association (FHWA), a Metropolitan Planning Organization (MPO)? rather than the primary recipient, such as the Department?is responsible for performing eligibility determinations. As such, in those instances, the Department does not perform risk-assessments on these contracts and only is responsible for on-going monitoring. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the Department had effective internal controls in place and complied with subrecipient monitoring activities for the Program during Fiscal Year 2022. As part of our audit work, we reviewed the Department?s internal controls over compliance for subrecipient monitoring requirements for the Program, including the Department?s policies and procedures. We tested a random sample of 25 of the Department?s 92 subrecipients (27 percent) for the Program?for which the Department had an IGA in place during Fiscal Year 2022?to determine whether subrecipient monitoring procedures performed by Department staff during the year were compliant with federal regulations. Our testing included evaluating whether the Department performed risk assessments and determined the appropriate level of subrecipient monitoring for the entities, as required by federal Uniform Guidance. How were the results of the audit work measured? Our audit work was designed to measure the Department?s compliance with the following criteria: ? Federal regulations [2 CFR 200.303] state that the Department, as a federal grant recipient, must ?establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulation, and the terms and conditions of the Federal award.? ? Federal regulations [2 CFR 200.332(b)] also state that the Department must evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward and may include various factors. ? Federal regulations [2 CFR 200.332(d) through (f)] and [2 CFR 200.521] further require the Department to monitor the activities of its subrecipients, as necessary, to ensure that each subaward is used for authorized purposes, the subrecipient complies with the terms and conditions of the subaward, and that the subrecipient achieves performance goals. The Department?s monitoring must include: o Reviewing financial and programmatic reports submitted by the subrecipient o Following-up on and ensuring the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity What problems did the audit work identify? We determined that the Department did not comply with subrecipient monitoring requirements for the Highway Planning and Construction Program during Fiscal Year 2022, as noted below: ? The Department did not perform a risk assessment for 6 of the 25 subrecipients (24 percent) we tested, including subrecipients where eligibility was determined by a MPO. ? The Department improperly included one vendor in our population of subrecipients. The nature of services provided by the vendor was personal services, therefore, did not require the execution of an IGA. ? The Department did not provide supporting documentation for reviews of any Fiscal Year 2022 financial and programmatic reports. As a result, we were unable to determine if any reviews were conducted during the fiscal year, as required. Why did these problems occur? While the Department has created a subrecipient monitoring and risk assessment manual, the manual lacks clarity in a variety of areas, including the following: ? For contracts which extend over multiple fiscal years, the policies do not specify the frequency in which subrecipient risk-assessment should be reviewed or updated. ? There are multiple types of subrecipient contracts for which the full risk-assessment process may not be applicable, however, the current policies do not address acceptable exceptions to the policy. ? The Department?s current policies do not include guidance related to the review of financial and programmatic reports, including the extent to which required programmatic and financial reports should be obtained and reviewed. ? The Department?s policies and procedures do not clearly indicate that the Department is not required to complete a risk assessment when an MPO determines eligibility and therefore the nature of monitoring procedures to be performed is not defined. ? Requested audit documentation was not provided timely. Further, the Department did not provide sufficiently-detailed training to staff to ensure they were aware of and conducted required subrecipient monitoring responsibilities. Why do these problems matter? Performing timely and appropriate monitoring of subrecipients provides the Department with a method to ensure its subrecipients are complying with applicable federal grant requirements. By taking appropriate actions based on the results of its subrecipient monitoring activities, the Department can mitigate the risk of providing continuing funding to entities that may not be using funds in accordance with program requirements. Overall, the Department?s failure to comply with federal requirements could result in a loss of funding from the federal government. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-076 The Department of Transportation should strengthen internal controls over and ensure that it complies with federal subrecipient monitoring requirements for the Highway Planning and Construction program by: A. Updating its current subrecipient monitoring and risk assessment policy to clarify the frequency in which a risk assessment is required to be completed or updated, as applicable for contracts that span multiple fiscal years, as well as direction regarding when it is acceptable to forgo performing a risk assessment and updating the policy to address the nature in which subrecipient programmatic and financial reports are reviewed B. Providing training to staff responsible for subrecipient monitoring activities related to the policies updated in Part A of the finding. Response Department of Transportation A. Agree Implementation Date: November 2023 The Department will update the policy to clarify the frequency in which the risk assessment is required to be completed or updated as applicable for contracts that span multiple fiscal years, as well as identifying exceptions, outlining when it is acceptable to forgo risk assessments. The Department will also update the policy to address the nature in which the subrecipient programmatic and financial reports are reviewed. The updates will be completed by November 2023. B. Agree Implementation Date: November 2023 The Department will provide training on the subrecipient monitoring policy manual to outline roles, responsibilities and the frequency of risk assessments that span over multiple fiscal years. The training will also provide guidance on the programmatic and financial information review process.
Finding 2022-076 Compliance with Federal Subrecipient Monitoring Requirements The Department receives federal grant funds directly from the federal government for the Highway Planning and Construction Program (Program) and then subgrants, or passes through, a portion of the funds to cities and counties and other organizations that are considered to be either a subrecipient or a contractor. A subrecipient is a non-federal entity that expends federal awards received from a pass-through entity to carry out a federal program, but does not include an individual that is a beneficiary receiving direct payments from such a program. A contractor is a dealer, distributor, merchant, or other seller providing goods or services that are required to conduct a federal program; these goods or services may be for an organization?s own use or for the use of beneficiaries of the federal program. The Department executes an Intergovemental Agreement (IGA) between the Department and the subrecipient. Under Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), the Department is responsible for evaluating each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward and for ultimately ensuring the subrecipient is determined eligible. In some instances, in coordination with the Federal Highway Association (FHWA), a Metropolitan Planning Organization (MPO)? rather than the primary recipient, such as the Department?is responsible for performing eligibility determinations. As such, in those instances, the Department does not perform risk-assessments on these contracts and only is responsible for on-going monitoring. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the Department had effective internal controls in place and complied with subrecipient monitoring activities for the Program during Fiscal Year 2022. As part of our audit work, we reviewed the Department?s internal controls over compliance for subrecipient monitoring requirements for the Program, including the Department?s policies and procedures. We tested a random sample of 25 of the Department?s 92 subrecipients (27 percent) for the Program?for which the Department had an IGA in place during Fiscal Year 2022?to determine whether subrecipient monitoring procedures performed by Department staff during the year were compliant with federal regulations. Our testing included evaluating whether the Department performed risk assessments and determined the appropriate level of subrecipient monitoring for the entities, as required by federal Uniform Guidance. How were the results of the audit work measured? Our audit work was designed to measure the Department?s compliance with the following criteria: ? Federal regulations [2 CFR 200.303] state that the Department, as a federal grant recipient, must ?establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulation, and the terms and conditions of the Federal award.? ? Federal regulations [2 CFR 200.332(b)] also state that the Department must evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward and may include various factors. ? Federal regulations [2 CFR 200.332(d) through (f)] and [2 CFR 200.521] further require the Department to monitor the activities of its subrecipients, as necessary, to ensure that each subaward is used for authorized purposes, the subrecipient complies with the terms and conditions of the subaward, and that the subrecipient achieves performance goals. The Department?s monitoring must include: o Reviewing financial and programmatic reports submitted by the subrecipient o Following-up on and ensuring the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity What problems did the audit work identify? We determined that the Department did not comply with subrecipient monitoring requirements for the Highway Planning and Construction Program during Fiscal Year 2022, as noted below: ? The Department did not perform a risk assessment for 6 of the 25 subrecipients (24 percent) we tested, including subrecipients where eligibility was determined by a MPO. ? The Department improperly included one vendor in our population of subrecipients. The nature of services provided by the vendor was personal services, therefore, did not require the execution of an IGA. ? The Department did not provide supporting documentation for reviews of any Fiscal Year 2022 financial and programmatic reports. As a result, we were unable to determine if any reviews were conducted during the fiscal year, as required. Why did these problems occur? While the Department has created a subrecipient monitoring and risk assessment manual, the manual lacks clarity in a variety of areas, including the following: ? For contracts which extend over multiple fiscal years, the policies do not specify the frequency in which subrecipient risk-assessment should be reviewed or updated. ? There are multiple types of subrecipient contracts for which the full risk-assessment process may not be applicable, however, the current policies do not address acceptable exceptions to the policy. ? The Department?s current policies do not include guidance related to the review of financial and programmatic reports, including the extent to which required programmatic and financial reports should be obtained and reviewed. ? The Department?s policies and procedures do not clearly indicate that the Department is not required to complete a risk assessment when an MPO determines eligibility and therefore the nature of monitoring procedures to be performed is not defined. ? Requested audit documentation was not provided timely. Further, the Department did not provide sufficiently-detailed training to staff to ensure they were aware of and conducted required subrecipient monitoring responsibilities. Why do these problems matter? Performing timely and appropriate monitoring of subrecipients provides the Department with a method to ensure its subrecipients are complying with applicable federal grant requirements. By taking appropriate actions based on the results of its subrecipient monitoring activities, the Department can mitigate the risk of providing continuing funding to entities that may not be using funds in accordance with program requirements. Overall, the Department?s failure to comply with federal requirements could result in a loss of funding from the federal government. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-076 The Department of Transportation should strengthen internal controls over and ensure that it complies with federal subrecipient monitoring requirements for the Highway Planning and Construction program by: A. Updating its current subrecipient monitoring and risk assessment policy to clarify the frequency in which a risk assessment is required to be completed or updated, as applicable for contracts that span multiple fiscal years, as well as direction regarding when it is acceptable to forgo performing a risk assessment and updating the policy to address the nature in which subrecipient programmatic and financial reports are reviewed B. Providing training to staff responsible for subrecipient monitoring activities related to the policies updated in Part A of the finding. Response Department of Transportation A. Agree Implementation Date: November 2023 The Department will update the policy to clarify the frequency in which the risk assessment is required to be completed or updated as applicable for contracts that span multiple fiscal years, as well as identifying exceptions, outlining when it is acceptable to forgo risk assessments. The Department will also update the policy to address the nature in which the subrecipient programmatic and financial reports are reviewed. The updates will be completed by November 2023. B. Agree Implementation Date: November 2023 The Department will provide training on the subrecipient monitoring policy manual to outline roles, responsibilities and the frequency of risk assessments that span over multiple fiscal years. The training will also provide guidance on the programmatic and financial information review process.
Finding 2022-076 Compliance with Federal Subrecipient Monitoring Requirements The Department receives federal grant funds directly from the federal government for the Highway Planning and Construction Program (Program) and then subgrants, or passes through, a portion of the funds to cities and counties and other organizations that are considered to be either a subrecipient or a contractor. A subrecipient is a non-federal entity that expends federal awards received from a pass-through entity to carry out a federal program, but does not include an individual that is a beneficiary receiving direct payments from such a program. A contractor is a dealer, distributor, merchant, or other seller providing goods or services that are required to conduct a federal program; these goods or services may be for an organization?s own use or for the use of beneficiaries of the federal program. The Department executes an Intergovemental Agreement (IGA) between the Department and the subrecipient. Under Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), the Department is responsible for evaluating each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward and for ultimately ensuring the subrecipient is determined eligible. In some instances, in coordination with the Federal Highway Association (FHWA), a Metropolitan Planning Organization (MPO)? rather than the primary recipient, such as the Department?is responsible for performing eligibility determinations. As such, in those instances, the Department does not perform risk-assessments on these contracts and only is responsible for on-going monitoring. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether the Department had effective internal controls in place and complied with subrecipient monitoring activities for the Program during Fiscal Year 2022. As part of our audit work, we reviewed the Department?s internal controls over compliance for subrecipient monitoring requirements for the Program, including the Department?s policies and procedures. We tested a random sample of 25 of the Department?s 92 subrecipients (27 percent) for the Program?for which the Department had an IGA in place during Fiscal Year 2022?to determine whether subrecipient monitoring procedures performed by Department staff during the year were compliant with federal regulations. Our testing included evaluating whether the Department performed risk assessments and determined the appropriate level of subrecipient monitoring for the entities, as required by federal Uniform Guidance. How were the results of the audit work measured? Our audit work was designed to measure the Department?s compliance with the following criteria: ? Federal regulations [2 CFR 200.303] state that the Department, as a federal grant recipient, must ?establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulation, and the terms and conditions of the Federal award.? ? Federal regulations [2 CFR 200.332(b)] also state that the Department must evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward and may include various factors. ? Federal regulations [2 CFR 200.332(d) through (f)] and [2 CFR 200.521] further require the Department to monitor the activities of its subrecipients, as necessary, to ensure that each subaward is used for authorized purposes, the subrecipient complies with the terms and conditions of the subaward, and that the subrecipient achieves performance goals. The Department?s monitoring must include: o Reviewing financial and programmatic reports submitted by the subrecipient o Following-up on and ensuring the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity What problems did the audit work identify? We determined that the Department did not comply with subrecipient monitoring requirements for the Highway Planning and Construction Program during Fiscal Year 2022, as noted below: ? The Department did not perform a risk assessment for 6 of the 25 subrecipients (24 percent) we tested, including subrecipients where eligibility was determined by a MPO. ? The Department improperly included one vendor in our population of subrecipients. The nature of services provided by the vendor was personal services, therefore, did not require the execution of an IGA. ? The Department did not provide supporting documentation for reviews of any Fiscal Year 2022 financial and programmatic reports. As a result, we were unable to determine if any reviews were conducted during the fiscal year, as required. Why did these problems occur? While the Department has created a subrecipient monitoring and risk assessment manual, the manual lacks clarity in a variety of areas, including the following: ? For contracts which extend over multiple fiscal years, the policies do not specify the frequency in which subrecipient risk-assessment should be reviewed or updated. ? There are multiple types of subrecipient contracts for which the full risk-assessment process may not be applicable, however, the current policies do not address acceptable exceptions to the policy. ? The Department?s current policies do not include guidance related to the review of financial and programmatic reports, including the extent to which required programmatic and financial reports should be obtained and reviewed. ? The Department?s policies and procedures do not clearly indicate that the Department is not required to complete a risk assessment when an MPO determines eligibility and therefore the nature of monitoring procedures to be performed is not defined. ? Requested audit documentation was not provided timely. Further, the Department did not provide sufficiently-detailed training to staff to ensure they were aware of and conducted required subrecipient monitoring responsibilities. Why do these problems matter? Performing timely and appropriate monitoring of subrecipients provides the Department with a method to ensure its subrecipients are complying with applicable federal grant requirements. By taking appropriate actions based on the results of its subrecipient monitoring activities, the Department can mitigate the risk of providing continuing funding to entities that may not be using funds in accordance with program requirements. Overall, the Department?s failure to comply with federal requirements could result in a loss of funding from the federal government. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-076 The Department of Transportation should strengthen internal controls over and ensure that it complies with federal subrecipient monitoring requirements for the Highway Planning and Construction program by: A. Updating its current subrecipient monitoring and risk assessment policy to clarify the frequency in which a risk assessment is required to be completed or updated, as applicable for contracts that span multiple fiscal years, as well as direction regarding when it is acceptable to forgo performing a risk assessment and updating the policy to address the nature in which subrecipient programmatic and financial reports are reviewed B. Providing training to staff responsible for subrecipient monitoring activities related to the policies updated in Part A of the finding. Response Department of Transportation A. Agree Implementation Date: November 2023 The Department will update the policy to clarify the frequency in which the risk assessment is required to be completed or updated as applicable for contracts that span multiple fiscal years, as well as identifying exceptions, outlining when it is acceptable to forgo risk assessments. The Department will also update the policy to address the nature in which the subrecipient programmatic and financial reports are reviewed. The updates will be completed by November 2023. B. Agree Implementation Date: November 2023 The Department will provide training on the subrecipient monitoring policy manual to outline roles, responsibilities and the frequency of risk assessments that span over multiple fiscal years. The training will also provide guidance on the programmatic and financial information review process.
The following finding and recommendation relating to an internal control deficiency classified as a Significant Deficiency was communicated to the Department of Transportation (Department) in the previous year and has not been remediated as of June 30, 2022 because the original implementation date provided by the Department was in a subsequent fiscal year. This complete finding and recommendation can be found within the original report and the complete recommendation can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table Finding 2021-068 The following finding and recommendation relating to an internal control deficiency classified as a Significant Deficiency was communicated to the Department in the previous year and has not been remediated as of June 30, 2021, because the original implementation date provided by the Department is in a subsequent fiscal year. This complete finding and recommendation can be found in the original report and Section III: Prior Federal Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table. Finding 2020-075 FORMULA GRANTS FOR RURAL AREAS?INTERNAL CONTROLS AND COMPLIANCE WITH SUBRECIPIENT MONITORING The Department received funding from the Federal Transit Authority (FTA) for the Program during Fiscal Year 2020 and expended approximately $26.8 million under the Program; the expenditures included approximately $16.9 million from the Coronavirus Aid, Relief, and Economic Security Act (CARES Act). The objective of this Program is to initiate, improve, or continue public transportation services in rural areas. FTA provides financial and technical assistance to local public transit systems, including buses, subways, light rail, commuter rail, trolleys, and ferries. FTA also oversees safety measures and helps develop next-generation technology research. Approximately $26.0 million (97 percent) of the Program funds expended by the Department were passed through to subrecipients in order to carry out a portion of the Program. WHAT WAS THE PURPOSE OF OUR AUDIT WORK AND WHAT WORK WAS PERFORMED? The purpose of the audit work was to determine whether the Department had effective internal controls in place during Fiscal Year 2020 over the Program, and complied with the Program?s subrecipient monitoring activities. As part of our audit work, we reviewed the Department?s internal controls over compliance for the Program?s subrecipient monitoring. In addition, we tested a random sample of five of 45 Program subrecipients for Fiscal Year 2020 to determine whether the subrecipient monitoring procedures the Department performed during the year were compliant with federal requirements. HOW WERE THE RESULTS OF THE AUDIT WORK MEASURED? Our audit work was designed to measure the results of compliance with the following criteria: ? Federal regulations [2 CFR 200.332(b)] require that the Department evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward and may include various factors. Federal regulations [2 CFR 200.332(d)-(f)] also require the Department to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. Monitoring must include: ? Reviewing financial and programmatic reports. ? Following up and ensuring the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award. ? Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity, as required by 2 CFR 200.521. ? Federal regulation [2 CFR 200.303] states that the Department, as a federal grant recipient, must ?establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulation, and the terms and conditions of the Federal award.? The Department?s internal control policies and procedures require the Internal Audit Division to obtain and review single audit certification forms, whereby subrecipients are required to certify whether they are subject to a Single Audit. Internal Audit Division staff are required to review each certification and related Single Audit report, as applicable, and perform follow-up activities related to deficiencies and audit findings. ? Additionally, the Department is required to report the total amount of federal awards expended to the Office of the State Controller (OSC) via the Exhibit K1, Schedule of Federal Assistance. The Exhibit K1 is the document through which state departments report federal expenditure information to the OSC, including separate columns to indicate types of expenditures, for statewide compilation and reporting. WHAT PROBLEMS DID THE AUDIT WORK IDENTIFY? We identified issues related to two of the five (40 percent) Program subrecipients identified by the Department for Fiscal Year 2020 as follows: ? The Department did not take sufficient steps to address one subrecipient?s failure to obtain a 2019 Single Audit. Specifically, the subrecipient received approximately $78,500 in pass-through Program funding from the Department and communicated to the Department in its single audit certification for the year ending December 31, 2019, that it was subject to a Single Audit; however, that audit had not been conducted as of the completion of our Fiscal Year 2020 audit testwork in April 2021. While it appeared that the Department communicated various times with the subrecipient about the missing audit, the Department did not assess possible impacts from the missing audit or take any action to institute alternate monitoring procedures of the subrecipient. ? For the second subrecipient tested, the Department inappropriately considered the entity to be a subrecipient rather than a vendor and incorrectly reported $20,936 in funds paid to the entity as subrecipient expenditures on its Exhibit K1 submitted to the OSC. WHY DID THESE PROBLEMS OCCUR? The Department?s subrecipient policies and procedures are voluminous and performed throughout multiple divisions within the Department. Therefore, the results of monitoring procedures performed are documented in various areas and not contained in one central location. The Department also does not have policies and procedures in place to identify appropriate actions to be taken when issues are identified. In addition, the Department lacks a process for analyzing the types of entities it is contracting with for the Program in order to separately identify the entities as vendors or subrecipients; rather, staff indicated that, during the contracting process, all contract expenditures related to this Program are recorded as subrecipient expenditures, including service-related or vendor contracts. WHY DO THESE PROBLEMS MATTER? Performing timely and appropriate identification and monitoring of subrecipients, including ensuring that they undergo required Single Audits, provides the Department with a method to identify federal grant-related issues and to ensure its compliance with federal subrecipient monitoring requirements. By taking appropriate actions to address the results of its monitoring, the Department can mitigate the risk of providing continuing funding to entities that may not be using funds in accordance with Program requirements. This is particularly important because the Department passes 97 percent of these Program funds to subrecipients. The Department?s failure to comply with federal requirements could result in a loss of funding from the federal government. See Schedule of Findings and Questioned Costs for chart/table RECOMMENDATION 2020-075 The Department of Transportation (Department) should ensure that it improves its internal controls over, and complies with, federal Formula Grants for Rural Areas and Tribal Transit Program requirements for subrecipient monitoring by: A Ensuring that subrecipient monitoring policies and procedures are centralized, condensed, and available to all personnel who are responsible for performing subrecipient monitoring activities. The policies and procedures should clearly list responsibilities for each division within the Department and be inclusive of all monitoring activities performed and contain clear directives for acting on subrecipients? failure to comply with requirements, including providing its single audit report, by assessing possible impacts from the noncompliance and instituting appropriate alternative procedures. B Implementing a process for analyzing its contracted entities during the contracting and awarding process by reviewing the nature and terms of contracts, separately identifying the contracted entities as vendors or subrecipients, and recording the contract expenditures appropriately based on this assessment. RESPONSE DEPARTMENT OF TRANSPORTATION A AGREE. IMPLEMENTATION DATE: JULY 2022. CDOT will work with various divisions to devise a plan that will comply with this finding and the recommendations noted within. This plan shall include identifying a centralized location for all policies and procedures related to subrecipient monitoring. We will look at all policies and procedures to ensure they clearly identify responsibilities and requirements for non-compliance. B AGREE. IMPLEMENTATION DATE: JULY 2022. CDOT will work with various divisions to devise a plan that will comply with this finding and the recommendations noted within. This plan shall include establishing a process by which an analysis of contracted entities will be performed to identify and properly record entities as a vendor or subrecipient.
The following finding and recommendation relating to an internal control deficiency classified as a Significant Deficiency was communicated to the Department of Transportation (Department) in the previous year and has not been remediated as of June 30, 2022 because the original implementation date provided by the Department was in a subsequent fiscal year. This complete finding and recommendation can be found within the original report and the complete recommendation can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table Finding 2021-068 The following finding and recommendation relating to an internal control deficiency classified as a Significant Deficiency was communicated to the Department in the previous year and has not been remediated as of June 30, 2021, because the original implementation date provided by the Department is in a subsequent fiscal year. This complete finding and recommendation can be found in the original report and Section III: Prior Federal Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table. Finding 2020-075 FORMULA GRANTS FOR RURAL AREAS?INTERNAL CONTROLS AND COMPLIANCE WITH SUBRECIPIENT MONITORING The Department received funding from the Federal Transit Authority (FTA) for the Program during Fiscal Year 2020 and expended approximately $26.8 million under the Program; the expenditures included approximately $16.9 million from the Coronavirus Aid, Relief, and Economic Security Act (CARES Act). The objective of this Program is to initiate, improve, or continue public transportation services in rural areas. FTA provides financial and technical assistance to local public transit systems, including buses, subways, light rail, commuter rail, trolleys, and ferries. FTA also oversees safety measures and helps develop next-generation technology research. Approximately $26.0 million (97 percent) of the Program funds expended by the Department were passed through to subrecipients in order to carry out a portion of the Program. WHAT WAS THE PURPOSE OF OUR AUDIT WORK AND WHAT WORK WAS PERFORMED? The purpose of the audit work was to determine whether the Department had effective internal controls in place during Fiscal Year 2020 over the Program, and complied with the Program?s subrecipient monitoring activities. As part of our audit work, we reviewed the Department?s internal controls over compliance for the Program?s subrecipient monitoring. In addition, we tested a random sample of five of 45 Program subrecipients for Fiscal Year 2020 to determine whether the subrecipient monitoring procedures the Department performed during the year were compliant with federal requirements. HOW WERE THE RESULTS OF THE AUDIT WORK MEASURED? Our audit work was designed to measure the results of compliance with the following criteria: ? Federal regulations [2 CFR 200.332(b)] require that the Department evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward and may include various factors. Federal regulations [2 CFR 200.332(d)-(f)] also require the Department to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. Monitoring must include: ? Reviewing financial and programmatic reports. ? Following up and ensuring the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award. ? Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity, as required by 2 CFR 200.521. ? Federal regulation [2 CFR 200.303] states that the Department, as a federal grant recipient, must ?establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulation, and the terms and conditions of the Federal award.? The Department?s internal control policies and procedures require the Internal Audit Division to obtain and review single audit certification forms, whereby subrecipients are required to certify whether they are subject to a Single Audit. Internal Audit Division staff are required to review each certification and related Single Audit report, as applicable, and perform follow-up activities related to deficiencies and audit findings. ? Additionally, the Department is required to report the total amount of federal awards expended to the Office of the State Controller (OSC) via the Exhibit K1, Schedule of Federal Assistance. The Exhibit K1 is the document through which state departments report federal expenditure information to the OSC, including separate columns to indicate types of expenditures, for statewide compilation and reporting. WHAT PROBLEMS DID THE AUDIT WORK IDENTIFY? We identified issues related to two of the five (40 percent) Program subrecipients identified by the Department for Fiscal Year 2020 as follows: ? The Department did not take sufficient steps to address one subrecipient?s failure to obtain a 2019 Single Audit. Specifically, the subrecipient received approximately $78,500 in pass-through Program funding from the Department and communicated to the Department in its single audit certification for the year ending December 31, 2019, that it was subject to a Single Audit; however, that audit had not been conducted as of the completion of our Fiscal Year 2020 audit testwork in April 2021. While it appeared that the Department communicated various times with the subrecipient about the missing audit, the Department did not assess possible impacts from the missing audit or take any action to institute alternate monitoring procedures of the subrecipient. ? For the second subrecipient tested, the Department inappropriately considered the entity to be a subrecipient rather than a vendor and incorrectly reported $20,936 in funds paid to the entity as subrecipient expenditures on its Exhibit K1 submitted to the OSC. WHY DID THESE PROBLEMS OCCUR? The Department?s subrecipient policies and procedures are voluminous and performed throughout multiple divisions within the Department. Therefore, the results of monitoring procedures performed are documented in various areas and not contained in one central location. The Department also does not have policies and procedures in place to identify appropriate actions to be taken when issues are identified. In addition, the Department lacks a process for analyzing the types of entities it is contracting with for the Program in order to separately identify the entities as vendors or subrecipients; rather, staff indicated that, during the contracting process, all contract expenditures related to this Program are recorded as subrecipient expenditures, including service-related or vendor contracts. WHY DO THESE PROBLEMS MATTER? Performing timely and appropriate identification and monitoring of subrecipients, including ensuring that they undergo required Single Audits, provides the Department with a method to identify federal grant-related issues and to ensure its compliance with federal subrecipient monitoring requirements. By taking appropriate actions to address the results of its monitoring, the Department can mitigate the risk of providing continuing funding to entities that may not be using funds in accordance with Program requirements. This is particularly important because the Department passes 97 percent of these Program funds to subrecipients. The Department?s failure to comply with federal requirements could result in a loss of funding from the federal government. See Schedule of Findings and Questioned Costs for chart/table RECOMMENDATION 2020-075 The Department of Transportation (Department) should ensure that it improves its internal controls over, and complies with, federal Formula Grants for Rural Areas and Tribal Transit Program requirements for subrecipient monitoring by: A Ensuring that subrecipient monitoring policies and procedures are centralized, condensed, and available to all personnel who are responsible for performing subrecipient monitoring activities. The policies and procedures should clearly list responsibilities for each division within the Department and be inclusive of all monitoring activities performed and contain clear directives for acting on subrecipients? failure to comply with requirements, including providing its single audit report, by assessing possible impacts from the noncompliance and instituting appropriate alternative procedures. B Implementing a process for analyzing its contracted entities during the contracting and awarding process by reviewing the nature and terms of contracts, separately identifying the contracted entities as vendors or subrecipients, and recording the contract expenditures appropriately based on this assessment. RESPONSE DEPARTMENT OF TRANSPORTATION A AGREE. IMPLEMENTATION DATE: JULY 2022. CDOT will work with various divisions to devise a plan that will comply with this finding and the recommendations noted within. This plan shall include identifying a centralized location for all policies and procedures related to subrecipient monitoring. We will look at all policies and procedures to ensure they clearly identify responsibilities and requirements for non-compliance. B AGREE. IMPLEMENTATION DATE: JULY 2022. CDOT will work with various divisions to devise a plan that will comply with this finding and the recommendations noted within. This plan shall include establishing a process by which an analysis of contracted entities will be performed to identify and properly record entities as a vendor or subrecipient.
The following finding and recommendation relating to an internal control deficiency classified as a Significant Deficiency was communicated to the Department of Transportation (Department) in the previous year and has not been remediated as of June 30, 2022 because the original implementation date provided by the Department was in a subsequent fiscal year. This complete finding and recommendation can be found within the original report and the complete recommendation can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table Finding 2021-068 The following finding and recommendation relating to an internal control deficiency classified as a Significant Deficiency was communicated to the Department in the previous year and has not been remediated as of June 30, 2021, because the original implementation date provided by the Department is in a subsequent fiscal year. This complete finding and recommendation can be found in the original report and Section III: Prior Federal Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table. Finding 2020-075 FORMULA GRANTS FOR RURAL AREAS?INTERNAL CONTROLS AND COMPLIANCE WITH SUBRECIPIENT MONITORING The Department received funding from the Federal Transit Authority (FTA) for the Program during Fiscal Year 2020 and expended approximately $26.8 million under the Program; the expenditures included approximately $16.9 million from the Coronavirus Aid, Relief, and Economic Security Act (CARES Act). The objective of this Program is to initiate, improve, or continue public transportation services in rural areas. FTA provides financial and technical assistance to local public transit systems, including buses, subways, light rail, commuter rail, trolleys, and ferries. FTA also oversees safety measures and helps develop next-generation technology research. Approximately $26.0 million (97 percent) of the Program funds expended by the Department were passed through to subrecipients in order to carry out a portion of the Program. WHAT WAS THE PURPOSE OF OUR AUDIT WORK AND WHAT WORK WAS PERFORMED? The purpose of the audit work was to determine whether the Department had effective internal controls in place during Fiscal Year 2020 over the Program, and complied with the Program?s subrecipient monitoring activities. As part of our audit work, we reviewed the Department?s internal controls over compliance for the Program?s subrecipient monitoring. In addition, we tested a random sample of five of 45 Program subrecipients for Fiscal Year 2020 to determine whether the subrecipient monitoring procedures the Department performed during the year were compliant with federal requirements. HOW WERE THE RESULTS OF THE AUDIT WORK MEASURED? Our audit work was designed to measure the results of compliance with the following criteria: ? Federal regulations [2 CFR 200.332(b)] require that the Department evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward and may include various factors. Federal regulations [2 CFR 200.332(d)-(f)] also require the Department to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. Monitoring must include: ? Reviewing financial and programmatic reports. ? Following up and ensuring the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award. ? Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity, as required by 2 CFR 200.521. ? Federal regulation [2 CFR 200.303] states that the Department, as a federal grant recipient, must ?establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulation, and the terms and conditions of the Federal award.? The Department?s internal control policies and procedures require the Internal Audit Division to obtain and review single audit certification forms, whereby subrecipients are required to certify whether they are subject to a Single Audit. Internal Audit Division staff are required to review each certification and related Single Audit report, as applicable, and perform follow-up activities related to deficiencies and audit findings. ? Additionally, the Department is required to report the total amount of federal awards expended to the Office of the State Controller (OSC) via the Exhibit K1, Schedule of Federal Assistance. The Exhibit K1 is the document through which state departments report federal expenditure information to the OSC, including separate columns to indicate types of expenditures, for statewide compilation and reporting. WHAT PROBLEMS DID THE AUDIT WORK IDENTIFY? We identified issues related to two of the five (40 percent) Program subrecipients identified by the Department for Fiscal Year 2020 as follows: ? The Department did not take sufficient steps to address one subrecipient?s failure to obtain a 2019 Single Audit. Specifically, the subrecipient received approximately $78,500 in pass-through Program funding from the Department and communicated to the Department in its single audit certification for the year ending December 31, 2019, that it was subject to a Single Audit; however, that audit had not been conducted as of the completion of our Fiscal Year 2020 audit testwork in April 2021. While it appeared that the Department communicated various times with the subrecipient about the missing audit, the Department did not assess possible impacts from the missing audit or take any action to institute alternate monitoring procedures of the subrecipient. ? For the second subrecipient tested, the Department inappropriately considered the entity to be a subrecipient rather than a vendor and incorrectly reported $20,936 in funds paid to the entity as subrecipient expenditures on its Exhibit K1 submitted to the OSC. WHY DID THESE PROBLEMS OCCUR? The Department?s subrecipient policies and procedures are voluminous and performed throughout multiple divisions within the Department. Therefore, the results of monitoring procedures performed are documented in various areas and not contained in one central location. The Department also does not have policies and procedures in place to identify appropriate actions to be taken when issues are identified. In addition, the Department lacks a process for analyzing the types of entities it is contracting with for the Program in order to separately identify the entities as vendors or subrecipients; rather, staff indicated that, during the contracting process, all contract expenditures related to this Program are recorded as subrecipient expenditures, including service-related or vendor contracts. WHY DO THESE PROBLEMS MATTER? Performing timely and appropriate identification and monitoring of subrecipients, including ensuring that they undergo required Single Audits, provides the Department with a method to identify federal grant-related issues and to ensure its compliance with federal subrecipient monitoring requirements. By taking appropriate actions to address the results of its monitoring, the Department can mitigate the risk of providing continuing funding to entities that may not be using funds in accordance with Program requirements. This is particularly important because the Department passes 97 percent of these Program funds to subrecipients. The Department?s failure to comply with federal requirements could result in a loss of funding from the federal government. See Schedule of Findings and Questioned Costs for chart/table RECOMMENDATION 2020-075 The Department of Transportation (Department) should ensure that it improves its internal controls over, and complies with, federal Formula Grants for Rural Areas and Tribal Transit Program requirements for subrecipient monitoring by: A Ensuring that subrecipient monitoring policies and procedures are centralized, condensed, and available to all personnel who are responsible for performing subrecipient monitoring activities. The policies and procedures should clearly list responsibilities for each division within the Department and be inclusive of all monitoring activities performed and contain clear directives for acting on subrecipients? failure to comply with requirements, including providing its single audit report, by assessing possible impacts from the noncompliance and instituting appropriate alternative procedures. B Implementing a process for analyzing its contracted entities during the contracting and awarding process by reviewing the nature and terms of contracts, separately identifying the contracted entities as vendors or subrecipients, and recording the contract expenditures appropriately based on this assessment. RESPONSE DEPARTMENT OF TRANSPORTATION A AGREE. IMPLEMENTATION DATE: JULY 2022. CDOT will work with various divisions to devise a plan that will comply with this finding and the recommendations noted within. This plan shall include identifying a centralized location for all policies and procedures related to subrecipient monitoring. We will look at all policies and procedures to ensure they clearly identify responsibilities and requirements for non-compliance. B AGREE. IMPLEMENTATION DATE: JULY 2022. CDOT will work with various divisions to devise a plan that will comply with this finding and the recommendations noted within. This plan shall include establishing a process by which an analysis of contracted entities will be performed to identify and properly record entities as a vendor or subrecipient.
The following finding and recommendation relating to an internal control deficiency classified as a Significant Deficiency was communicated to the Department of Transportation (Department) in the previous year and has not been remediated as of June 30, 2022 because the original implementation date provided by the Department was in a subsequent fiscal year. This complete finding and recommendation can be found within the original report and the complete recommendation can be found within Section IV: Prior Audit Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table Finding 2021-068 The following finding and recommendation relating to an internal control deficiency classified as a Significant Deficiency was communicated to the Department in the previous year and has not been remediated as of June 30, 2021, because the original implementation date provided by the Department is in a subsequent fiscal year. This complete finding and recommendation can be found in the original report and Section III: Prior Federal Recommendations of this report. See Schedule of Findings and Questioned Costs for chart/table. Finding 2020-075 FORMULA GRANTS FOR RURAL AREAS?INTERNAL CONTROLS AND COMPLIANCE WITH SUBRECIPIENT MONITORING The Department received funding from the Federal Transit Authority (FTA) for the Program during Fiscal Year 2020 and expended approximately $26.8 million under the Program; the expenditures included approximately $16.9 million from the Coronavirus Aid, Relief, and Economic Security Act (CARES Act). The objective of this Program is to initiate, improve, or continue public transportation services in rural areas. FTA provides financial and technical assistance to local public transit systems, including buses, subways, light rail, commuter rail, trolleys, and ferries. FTA also oversees safety measures and helps develop next-generation technology research. Approximately $26.0 million (97 percent) of the Program funds expended by the Department were passed through to subrecipients in order to carry out a portion of the Program. WHAT WAS THE PURPOSE OF OUR AUDIT WORK AND WHAT WORK WAS PERFORMED? The purpose of the audit work was to determine whether the Department had effective internal controls in place during Fiscal Year 2020 over the Program, and complied with the Program?s subrecipient monitoring activities. As part of our audit work, we reviewed the Department?s internal controls over compliance for the Program?s subrecipient monitoring. In addition, we tested a random sample of five of 45 Program subrecipients for Fiscal Year 2020 to determine whether the subrecipient monitoring procedures the Department performed during the year were compliant with federal requirements. HOW WERE THE RESULTS OF THE AUDIT WORK MEASURED? Our audit work was designed to measure the results of compliance with the following criteria: ? Federal regulations [2 CFR 200.332(b)] require that the Department evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward and may include various factors. Federal regulations [2 CFR 200.332(d)-(f)] also require the Department to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. Monitoring must include: ? Reviewing financial and programmatic reports. ? Following up and ensuring the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award. ? Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity, as required by 2 CFR 200.521. ? Federal regulation [2 CFR 200.303] states that the Department, as a federal grant recipient, must ?establish and maintain effective internal controls over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulation, and the terms and conditions of the Federal award.? The Department?s internal control policies and procedures require the Internal Audit Division to obtain and review single audit certification forms, whereby subrecipients are required to certify whether they are subject to a Single Audit. Internal Audit Division staff are required to review each certification and related Single Audit report, as applicable, and perform follow-up activities related to deficiencies and audit findings. ? Additionally, the Department is required to report the total amount of federal awards expended to the Office of the State Controller (OSC) via the Exhibit K1, Schedule of Federal Assistance. The Exhibit K1 is the document through which state departments report federal expenditure information to the OSC, including separate columns to indicate types of expenditures, for statewide compilation and reporting. WHAT PROBLEMS DID THE AUDIT WORK IDENTIFY? We identified issues related to two of the five (40 percent) Program subrecipients identified by the Department for Fiscal Year 2020 as follows: ? The Department did not take sufficient steps to address one subrecipient?s failure to obtain a 2019 Single Audit. Specifically, the subrecipient received approximately $78,500 in pass-through Program funding from the Department and communicated to the Department in its single audit certification for the year ending December 31, 2019, that it was subject to a Single Audit; however, that audit had not been conducted as of the completion of our Fiscal Year 2020 audit testwork in April 2021. While it appeared that the Department communicated various times with the subrecipient about the missing audit, the Department did not assess possible impacts from the missing audit or take any action to institute alternate monitoring procedures of the subrecipient. ? For the second subrecipient tested, the Department inappropriately considered the entity to be a subrecipient rather than a vendor and incorrectly reported $20,936 in funds paid to the entity as subrecipient expenditures on its Exhibit K1 submitted to the OSC. WHY DID THESE PROBLEMS OCCUR? The Department?s subrecipient policies and procedures are voluminous and performed throughout multiple divisions within the Department. Therefore, the results of monitoring procedures performed are documented in various areas and not contained in one central location. The Department also does not have policies and procedures in place to identify appropriate actions to be taken when issues are identified. In addition, the Department lacks a process for analyzing the types of entities it is contracting with for the Program in order to separately identify the entities as vendors or subrecipients; rather, staff indicated that, during the contracting process, all contract expenditures related to this Program are recorded as subrecipient expenditures, including service-related or vendor contracts. WHY DO THESE PROBLEMS MATTER? Performing timely and appropriate identification and monitoring of subrecipients, including ensuring that they undergo required Single Audits, provides the Department with a method to identify federal grant-related issues and to ensure its compliance with federal subrecipient monitoring requirements. By taking appropriate actions to address the results of its monitoring, the Department can mitigate the risk of providing continuing funding to entities that may not be using funds in accordance with Program requirements. This is particularly important because the Department passes 97 percent of these Program funds to subrecipients. The Department?s failure to comply with federal requirements could result in a loss of funding from the federal government. See Schedule of Findings and Questioned Costs for chart/table RECOMMENDATION 2020-075 The Department of Transportation (Department) should ensure that it improves its internal controls over, and complies with, federal Formula Grants for Rural Areas and Tribal Transit Program requirements for subrecipient monitoring by: A Ensuring that subrecipient monitoring policies and procedures are centralized, condensed, and available to all personnel who are responsible for performing subrecipient monitoring activities. The policies and procedures should clearly list responsibilities for each division within the Department and be inclusive of all monitoring activities performed and contain clear directives for acting on subrecipients? failure to comply with requirements, including providing its single audit report, by assessing possible impacts from the noncompliance and instituting appropriate alternative procedures. B Implementing a process for analyzing its contracted entities during the contracting and awarding process by reviewing the nature and terms of contracts, separately identifying the contracted entities as vendors or subrecipients, and recording the contract expenditures appropriately based on this assessment. RESPONSE DEPARTMENT OF TRANSPORTATION A AGREE. IMPLEMENTATION DATE: JULY 2022. CDOT will work with various divisions to devise a plan that will comply with this finding and the recommendations noted within. This plan shall include identifying a centralized location for all policies and procedures related to subrecipient monitoring. We will look at all policies and procedures to ensure they clearly identify responsibilities and requirements for non-compliance. B AGREE. IMPLEMENTATION DATE: JULY 2022. CDOT will work with various divisions to devise a plan that will comply with this finding and the recommendations noted within. This plan shall include establishing a process by which an analysis of contracted entities will be performed to identify and properly record entities as a vendor or subrecipient.
Subrecipient Monitoring General Information: Grant Title: Airport Improvement Program ALN #: 20.106 Federal Agency: Department of Transportation Condition: We noted during our audit that the Logan County Commission failed to properly monitor subrecipients. Specifically, there was no assurance that the funds sent for reimbursement were expensed by the subrecipients. Criteria: Appendix XI of the 2 CFR Part 200 July 2021 Compliance Supplement states, in part: “Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f))…” Questioned Costs: $993,739 Context: $993,739 of disbursements were made to local governments without the subrecipients activities being monitored to ensure expenditures of the subaward were used for authorized purposes and in accordance with the grant guidelines. Cause: The Logan County Commission did not have procedures in place to ensure this subrecipient monitoring requirement was performed. Effect: Failure to properly monitor subrecipients increases the likelihood of errors or irregularities not being prevented or detected in a timely manner. Additionally, the risk of unallowable activities and unallowable costs is significantly increased. Management failed to comply with all applicable, material compliance requirements of the grant agreement. Recommendation: The Logan County Commission is directed to review this regulation and comply with the provisions set forth therein. Clients’ response See Corrective Action Plan
Finding 2022-015 – Noncompliance with Subrecipient Monitoring Over Federal Grant – Coronavirus State and Local Fiscal Recovery Funds PASS-THROUGH GRANTOR: Direct Grant FEDERAL AGENCY: U.S. Department of Treasury ASSISTANE LISTING: 21.027 FEDERAL PROGRAM NAME: Coronavirus State and Local Fiscal Recovery Funds FEDERAL AWARD YEAR: 2021 CONTROL CATEGORY: Subrecipient Monitoring QUESTIONED COSTS: $404,258 Condition: During our audit it was noted the County had three (3) subrecipients of the Coronavirus State and Local Fiscal Recovery Funds, in which the county does not have a subrecipient monitoring policy, and the County did not obtain subrecipient agreements comprising the following information: • Subrecipient name. • Subrecipient Authorized Representative and program contact information. • Subrecipient Employee Identification Number (EIN) and DUNS number. • Federal Award Identification Number (FAIN). • Name of Federal Awarding Agency. • Contact information for the official at the Federal Awarding Agency. • Catalog of Assistance Listing (AL) number and name. • Federal award date. • Total amount of the federal award and Indirect Cost Rate. • Federal award project description. • Start and end date of the agreement. • Amount of federal funds budgeted for the agreement and Indirect Cost Rate allowed. • A statement that all activities must be in accordance with federal statutes, regulations, and terms and conditions of the federal award. The sub recipient should receive a copy of the award documents. • A detailed description of any additional requirements you want the subrecipient to be responsible for such as performance and/or financial reports, attending meetings and/or trainings etc. • A statement about the monitoring activities, such as where/when they will take place; also include a statement indicating the subrecipient will collaborate on monitoring activities including providing requested financial documents. • A statement indicating if any of the items in the agreement change during the period of performance, the agreement will be amended. • Provide close out terms and conditions. In addition, it was noted the County did not verify the subrecipients were not suspended or debarred. Further, it was noted the county expended the funds to the subrecipients before receiving the proper documentation and the county paid subrecipients $83,546 more than documentation received. Comanche County Fairgrounds Trust Authority $ 12,881 Comanche County Facilities Authority 70,665 Total undocumented: $ 83,546 Cause of Condition: Policies and procedures have not been designed and implemented to ensure federal expenditures are made in accordance with compliance requirements. Effect of Condition: This condition resulted in noncompliance with grant requirements. Recommendation: OSAI recommends the County gain an understanding of the requirements for this program and implement internal controls to ensure compliance with these requirements. Management Response: Chairman of the Board of County Commissioners: The Board of County Commissioners will take measures to ensure future compliance with all requirements of federal grants. Criteria: 2 CFR 200, §200.332 Requirements for Pass-Through Entities states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award. (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part. (6) Appropriate terms and conditions concerning closeout of the subaward.
Subrecipient Monitoring Finding Type: Significant Deficiency in Internal control over compliance and noncompliance Federal Program Title and AL Number: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (93.323). Criteria: The Uniform Guidance in 2 CFR Section 200.332 (b) states that pass-through entities must “evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.” Condition and context: The Organization did not have a subrecipient risk assessment process in place that corresponded with a risk-based monitoring plan. Cause: The Organization’s internal controls did not ensure compliance with 2 CFR Section 200.332. Effect: The Organization did not comply with subrecipient monitoring requirements. Questioned Costs: Questioned costs are not able to be determined. Repeat finding: No. Recommendation: We recommend that the Organization implement a formal risk assessment process to monitor its subrecipients. Views of responsible officials and planned corrective actions: Management concurs with the finding and recommendation. Please see the attached corrective action plan.
Subrecipient Monitoring Finding Type: Significant Deficiency in Internal control over compliance and noncompliance Federal Program Title and AL Number: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (93.323). Criteria: The Uniform Guidance in 2 CFR Section 200.332 (b) states that pass-through entities must “evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.” Condition and context: The Organization did not have a subrecipient risk assessment process in place that corresponded with a risk-based monitoring plan. Cause: The Organization’s internal controls did not ensure compliance with 2 CFR Section 200.332. Effect: The Organization did not comply with subrecipient monitoring requirements. Questioned Costs: Questioned costs are not able to be determined. Repeat finding: No. Recommendation: We recommend that the Organization implement a formal risk assessment process to monitor its subrecipients. Views of responsible officials and planned corrective actions: Management concurs with the finding and recommendation. Please see the attached corrective action plan.
Subrecipient Monitoring Finding Type: Significant Deficiency in Internal control over compliance and noncompliance Federal Program Title and AL Number: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (93.323). Criteria: The Uniform Guidance in 2 CFR Section 200.332 (b) states that pass-through entities must “evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.” Condition and context: The Organization did not have a subrecipient risk assessment process in place that corresponded with a risk-based monitoring plan. Cause: The Organization’s internal controls did not ensure compliance with 2 CFR Section 200.332. Effect: The Organization did not comply with subrecipient monitoring requirements. Questioned Costs: Questioned costs are not able to be determined. Repeat finding: No. Recommendation: We recommend that the Organization implement a formal risk assessment process to monitor its subrecipients. Views of responsible officials and planned corrective actions: Management concurs with the finding and recommendation. Please see the attached corrective action plan.
Subrecipient Monitoring Finding Type: Significant Deficiency in Internal control over compliance and noncompliance Federal Program Title and AL Number: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (93.323). Criteria: The Uniform Guidance in 2 CFR Section 200.332 (b) states that pass-through entities must “evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.” Condition and context: The Organization did not have a subrecipient risk assessment process in place that corresponded with a risk-based monitoring plan. Cause: The Organization’s internal controls did not ensure compliance with 2 CFR Section 200.332. Effect: The Organization did not comply with subrecipient monitoring requirements. Questioned Costs: Questioned costs are not able to be determined. Repeat finding: No. Recommendation: We recommend that the Organization implement a formal risk assessment process to monitor its subrecipients. Views of responsible officials and planned corrective actions: Management concurs with the finding and recommendation. Please see the attached corrective action plan.
Subrecipient Monitoring Finding Type: Significant Deficiency in Internal control over compliance and noncompliance Federal Program Title and AL Number: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (93.323). Criteria: The Uniform Guidance in 2 CFR Section 200.332 (b) states that pass-through entities must “evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.” Condition and context: The Organization did not have a subrecipient risk assessment process in place that corresponded with a risk-based monitoring plan. Cause: The Organization’s internal controls did not ensure compliance with 2 CFR Section 200.332. Effect: The Organization did not comply with subrecipient monitoring requirements. Questioned Costs: Questioned costs are not able to be determined. Repeat finding: No. Recommendation: We recommend that the Organization implement a formal risk assessment process to monitor its subrecipients. Views of responsible officials and planned corrective actions: Management concurs with the finding and recommendation. Please see the attached corrective action plan.
2022-006 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name, Federal Assistance Listing Number U.S. Department of Labor, WIOA Cluster 17.258/17.259/17.278 Criteria: 2 CFR 200.303 requires that a non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).” Recipients must ensure that commercial organizations that are subrecipients under WIOA Title I and expend more than the minimum level specified in 2 CFR Part 200, Subpart F, have either an organization-wide audit conducted in accordance with 2 CFR Part 200 or a program-specific financial and compliance audit (20 CFR section 683.210). 2 CFR 200.332(b) requires that all pass-through entities must: Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section. Condition: Upon inquiry of management, the Board did not perform any subrecipient monitoring procedures related to the Board’s grant agreement with its subrecipient for the fiscal year ended June 30, 2022. Questioned Costs: Unknown Context: Total federal expenditures for the WIOA Cluster were $3,927,799 for the year ended June 30, 2022, which included $1,390,746 of expenditures to subrecipients. Cause: Although the Board has policies and procedures in place surrounding the subrecipient monitoring compliance requirements, due to staffing issues during the fiscal year and lack of knowledge of all the federal compliance requirements, no subrecipient monitoring was completed. Effect: The Board is not in compliance with the federal statutes, regulations, and terms and conditions of the federal award. Recommendation: We recommend that the Board review its policies and procedures for sufficiency and commit the appropriate personnel to subrecipient monitoring to ensure that the Board is in compliance with all federal requirements. Views of Responsible Officials: We agree with the finding and will take the necessary corrective actions as noted in the corrective action plan attached.
2022-006 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name, Federal Assistance Listing Number U.S. Department of Labor, WIOA Cluster 17.258/17.259/17.278 Criteria: 2 CFR 200.303 requires that a non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).” Recipients must ensure that commercial organizations that are subrecipients under WIOA Title I and expend more than the minimum level specified in 2 CFR Part 200, Subpart F, have either an organization-wide audit conducted in accordance with 2 CFR Part 200 or a program-specific financial and compliance audit (20 CFR section 683.210). 2 CFR 200.332(b) requires that all pass-through entities must: Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section. Condition: Upon inquiry of management, the Board did not perform any subrecipient monitoring procedures related to the Board’s grant agreement with its subrecipient for the fiscal year ended June 30, 2022. Questioned Costs: Unknown Context: Total federal expenditures for the WIOA Cluster were $3,927,799 for the year ended June 30, 2022, which included $1,390,746 of expenditures to subrecipients. Cause: Although the Board has policies and procedures in place surrounding the subrecipient monitoring compliance requirements, due to staffing issues during the fiscal year and lack of knowledge of all the federal compliance requirements, no subrecipient monitoring was completed. Effect: The Board is not in compliance with the federal statutes, regulations, and terms and conditions of the federal award. Recommendation: We recommend that the Board review its policies and procedures for sufficiency and commit the appropriate personnel to subrecipient monitoring to ensure that the Board is in compliance with all federal requirements. Views of Responsible Officials: We agree with the finding and will take the necessary corrective actions as noted in the corrective action plan attached.
2022-006 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name, Federal Assistance Listing Number U.S. Department of Labor, WIOA Cluster 17.258/17.259/17.278 Criteria: 2 CFR 200.303 requires that a non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).” Recipients must ensure that commercial organizations that are subrecipients under WIOA Title I and expend more than the minimum level specified in 2 CFR Part 200, Subpart F, have either an organization-wide audit conducted in accordance with 2 CFR Part 200 or a program-specific financial and compliance audit (20 CFR section 683.210). 2 CFR 200.332(b) requires that all pass-through entities must: Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section. Condition: Upon inquiry of management, the Board did not perform any subrecipient monitoring procedures related to the Board’s grant agreement with its subrecipient for the fiscal year ended June 30, 2022. Questioned Costs: Unknown Context: Total federal expenditures for the WIOA Cluster were $3,927,799 for the year ended June 30, 2022, which included $1,390,746 of expenditures to subrecipients. Cause: Although the Board has policies and procedures in place surrounding the subrecipient monitoring compliance requirements, due to staffing issues during the fiscal year and lack of knowledge of all the federal compliance requirements, no subrecipient monitoring was completed. Effect: The Board is not in compliance with the federal statutes, regulations, and terms and conditions of the federal award. Recommendation: We recommend that the Board review its policies and procedures for sufficiency and commit the appropriate personnel to subrecipient monitoring to ensure that the Board is in compliance with all federal requirements. Views of Responsible Officials: We agree with the finding and will take the necessary corrective actions as noted in the corrective action plan attached.
2022-006 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name, Federal Assistance Listing Number U.S. Department of Labor, WIOA Cluster 17.258/17.259/17.278 Criteria: 2 CFR 200.303 requires that a non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).” Recipients must ensure that commercial organizations that are subrecipients under WIOA Title I and expend more than the minimum level specified in 2 CFR Part 200, Subpart F, have either an organization-wide audit conducted in accordance with 2 CFR Part 200 or a program-specific financial and compliance audit (20 CFR section 683.210). 2 CFR 200.332(b) requires that all pass-through entities must: Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section. Condition: Upon inquiry of management, the Board did not perform any subrecipient monitoring procedures related to the Board’s grant agreement with its subrecipient for the fiscal year ended June 30, 2022. Questioned Costs: Unknown Context: Total federal expenditures for the WIOA Cluster were $3,927,799 for the year ended June 30, 2022, which included $1,390,746 of expenditures to subrecipients. Cause: Although the Board has policies and procedures in place surrounding the subrecipient monitoring compliance requirements, due to staffing issues during the fiscal year and lack of knowledge of all the federal compliance requirements, no subrecipient monitoring was completed. Effect: The Board is not in compliance with the federal statutes, regulations, and terms and conditions of the federal award. Recommendation: We recommend that the Board review its policies and procedures for sufficiency and commit the appropriate personnel to subrecipient monitoring to ensure that the Board is in compliance with all federal requirements. Views of Responsible Officials: We agree with the finding and will take the necessary corrective actions as noted in the corrective action plan attached.
2022-006 SUBRECIPIENT MONITORING Federal Program Information: Federal Agency and Program Name, Federal Assistance Listing Number U.S. Department of Labor, WIOA Cluster 17.258/17.259/17.278 Criteria: 2 CFR 200.303 requires that a non-federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).” Recipients must ensure that commercial organizations that are subrecipients under WIOA Title I and expend more than the minimum level specified in 2 CFR Part 200, Subpart F, have either an organization-wide audit conducted in accordance with 2 CFR Part 200 or a program-specific financial and compliance audit (20 CFR section 683.210). 2 CFR 200.332(b) requires that all pass-through entities must: Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section. Condition: Upon inquiry of management, the Board did not perform any subrecipient monitoring procedures related to the Board’s grant agreement with its subrecipient for the fiscal year ended June 30, 2022. Questioned Costs: Unknown Context: Total federal expenditures for the WIOA Cluster were $3,927,799 for the year ended June 30, 2022, which included $1,390,746 of expenditures to subrecipients. Cause: Although the Board has policies and procedures in place surrounding the subrecipient monitoring compliance requirements, due to staffing issues during the fiscal year and lack of knowledge of all the federal compliance requirements, no subrecipient monitoring was completed. Effect: The Board is not in compliance with the federal statutes, regulations, and terms and conditions of the federal award. Recommendation: We recommend that the Board review its policies and procedures for sufficiency and commit the appropriate personnel to subrecipient monitoring to ensure that the Board is in compliance with all federal requirements. Views of Responsible Officials: We agree with the finding and will take the necessary corrective actions as noted in the corrective action plan attached.
Criteria: Uniform Guidance requires pass-through entities to oversee the activities of service providers with respect to provision of services, reporting, voluntary contributions, and coordination of services under 2 CFR 200.332. Condition: The Agency did not comply with the Uniform Guidance requirement to evaluate each subrecipient’s risk of non-compliance and to monitor activities to ensure the federal award is used for authorized purposes. Questioned Costs: $0 Cause: There was significant key employee turnover during and subsequent to the fiscal year-end. Effect: The Agency was not in compliance with Uniform Guidance 2 CFR 200.332. Recommendation: We recommend the Agency monitors its subrecipients regularly. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding and in March 2023, the Agency hired a new Executive Director and in August 2023, a new Fiscal Officer. The new management team has implemented policies and procedures to comply with subrecipient monitoring requirements.
Criteria: Uniform Guidance requires pass-through entities to oversee the activities of service providers with respect to provision of services, reporting, voluntary contributions, and coordination of services under 2 CFR 200.332. Condition: The Agency did not comply with the Uniform Guidance requirement to evaluate each subrecipient’s risk of non-compliance and to monitor activities to ensure the federal award is used for authorized purposes. Questioned Costs: $0 Cause: There was significant key employee turnover during and subsequent to the fiscal year-end. Effect: The Agency was not in compliance with Uniform Guidance 2 CFR 200.332. Recommendation: We recommend the Agency monitors its subrecipients regularly. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding and in March 2023, the Agency hired a new Executive Director and in August 2023, a new Fiscal Officer. The new management team has implemented policies and procedures to comply with subrecipient monitoring requirements.
Criteria: Uniform Guidance requires pass-through entities to oversee the activities of service providers with respect to provision of services, reporting, voluntary contributions, and coordination of services under 2 CFR 200.332. Condition: The Agency did not comply with the Uniform Guidance requirement to evaluate each subrecipient’s risk of non-compliance and to monitor activities to ensure the federal award is used for authorized purposes. Questioned Costs: $0 Cause: There was significant key employee turnover during and subsequent to the fiscal year-end. Effect: The Agency was not in compliance with Uniform Guidance 2 CFR 200.332. Recommendation: We recommend the Agency monitors its subrecipients regularly. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding and in March 2023, the Agency hired a new Executive Director and in August 2023, a new Fiscal Officer. The new management team has implemented policies and procedures to comply with subrecipient monitoring requirements.
Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. However, it was noted that the Organization implemented a process during the year to properly document whether a company is a contractor or a subrecipient. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are in compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should have instituted a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2021-006
Subrecipient Monitoring (Significant Deficiency in Internal Controls over Compliance, Other Noncompliance) Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Foster Care – Title IV-E Assistance Listing Number: 93.658 Criteria: 2 CFR Part 200 Uniform Administrative Requirements, Post Federal Award Requirements and Cost Principles for Federal Award (Uniform Guidance) requires the grantee to monitor the activities of subrecipients to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations and terms and conditions of the subaward. Additionally, when the County passes money through to subrecipients, the County must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information at the time of the subaward. Condition: During our testing, we selected five subrecipients from a population of 24 subrecipients for testing and the County was unable to provide us with documentation of their risk assessment and the County did not obtain the single audit reports of the subrecipients as part of their monitoring procedures for all five. Management did obtain the California Department of Social Services management decision letters for two out of the five subrecipients tested. Questioned Costs: None Cause: The County does not have the proper training regarding compliance Uniform Guidance for subrecipients. Effect: The County was not in compliance with federal award subrecipient monitoring requirements. Continued noncompliance could result in sanctions by the federal awarding agency, including withholding future funding. Repeat Finding: Yes, prior year 2021-002 Recommendation: The County should establish policies and procedures to ensure risk assessment is documented. The County should also obtain the single audit reports for their subrecipients and issue management decision letters as part of their monitoring. Views of responsible officials – The County (Human Services Agency) categorized five providers, all FFAs as subrecipients that received Title IV-E funding. These providers are clearly identified in the FY 2021/22 Schedule of Expenditures of Federal Awards (SEFA) as mandated by 2 CFR 200.332. The County (Human Services Agency) concurs that there is no documented process for completing and documenting a risk assessment, obtaining copies of the single audit reports for each FFA, group homes, and STRTPs subrecipient, and issuing management decision letters as part of a documented monitoring policy and procedure. The County (Human Services Agency) relies on CDSS to perform certain licensing and oversight functions as the single state agency for Title IV-E funds. The County (Human Services Agency) is responsible for and does review these audits and their findings, however we concur that we did not sufficiently document our process or our follow-ups to ensure compliance.
Reference Number: 2022-011 Category of Finding: Subrecipient Monitoring Type of Finding: Material Weakness and Material Instance of Noncompliance State Administering Department: California Department of Public Health (Public Health) Assistance Listing Number: 93.323 Federal Program Title: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) Federal Award Number and Year: NU50CK000539; 2021 Criteria Title 2 - Grants and Agreements. Subtitle A - Office of Management and Budget Guidance for Grants and Agreements. Chapter II - Office of Management and Budget Guidance. Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D - Post Federal Award Requirements. §200.303 Internal controls (2 CFR 200.303): The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Title 2 - Grants and Agreements. Subtitle A - Office of Management and Budget Guidance for Grants and Agreements. Chapter II - Office of Management and Budget Guidance. Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D - Post Federal Award Requirements. §200.332 Requirements for pass-through entities (2 CFR 200.332): All pass-through entities must: (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards: (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving cross-cutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section §200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501. (g) Consider whether the results of the subrecipient’s audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. Condition Public Health did not establish a formal risk assessment process over its subrecipients of federal awards to determine the frequency and extent of subrecipient monitoring to be performed. While Public Health received reimbursement invoices from subrecipients, there did not appear to be other financial or programmatic monitoring to verify subrecipents compliance with applicable requirements. In addition, Public Health did not obtain Single Audit reports from those subrecipients as required. Identification as a Repeat Finding Finding 2021-014 was reported in the immediate prior year. Cause Procedures to perform the required subrecipient monitoring were not established nor performed by Public Health. Effect By not properly evaluating the risk of noncompliance, Public Health may inadvertently award grant funds to subrecipients who lack the necessary mechanisms or understanding to adhere to federal statutes. This increases the likelihood of noncompliance arising during the performance of the grant-funded activities. Furthermore, failure to perform monitoring procedures or obtain Single Audit reports increases the risk for not properly identifying subrecipient program control weaknesses, noncompliance, and performing sufficient follow-up on any subrecipient corrective action. Questioned Costs No questioned costs were identified. Context Disbursements to subrecipients for the ELC program totaled $301,107,041, or 31.0% of total reported program expenditures. Recommendation Public Health should establish and document formal procedures for conducting risk assessments of its subrecipients, including criteria for evaluating organizational capacity, financial stability, compliance history, and programmatic capabilities. Public Health should also develop and implement specific subrecipient monitoring procedures and establish a process for obtaining Single Audit reports from its subrecipients. Furthermore, a monitoring mechanism should be implemented to track compliance with the single audit mandate among subrecipients, including regular follow-ups and documentation of communication efforts. Views of Responsible Officials and Corrective Action Plan Management’s response is reported in “Management’s Response and Corrective Action Plan” included in a separate section at the end of this report.
Criteria: In accordance with 2 CFR 200.332 (b) pass-thru entities must evaluate each subrecipient?s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring and (d) pass-thru entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring must include: reviewing financial and performance reports, following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award, issuing a management decision for applicable audit findings pertaining to the Federal award provided to the subrecipient and resolving audit findings specifically related to the subaward. Condition/context: We selected the one subrecipient that the University passed federal funding to during the year ended June 30, 2022. We requested support that the University performed a risk assessment and was monitoring the subrecipient, noting the University did not perform a risk assessment and was not monitoring the subrecipient in accordance with 2 CFR 200.332 (b) or (d).Our sample was not, and was not intended to be, statistically valid.Questioned costs: None.Cause/Effect: The University does not have a clear understanding of the compliance requirements for subrecipient monitoring. The lack of subrecipient monitoring increases the risk that the subrecipient is not using the subaward for authorized purposes, in compliance with Federal statutes, regulations, or the terms and conditions of the subaward.Repeat finding: YesRecommendation: We recommend the University implement internal controls to assess the risk of the subrecipient and properly monitor any subrecipients of the University, such as reviewing single audits, financial and performance reports, or other necessary documentation of the subrecipient entity to help ensure the subrecipient is in compliance.Views of responsible officials and planned corrective actions: In agreement with the auditor?s recommendation of internal controls to properly monitor any subrecipients of the University, such as reviewing financial and performance reports of the subreceipient entity including any single audit reports. Heritage University has finalized the new ?Grant Management Policy & Procedures? manual. The grant management manual section on subrecipient is explicit about the University?s policies and procedures to ensure documentation is maintained.
Criteria: In accordance with 2 CFR 200.332 (b) pass-thru entities must evaluate each subrecipient?s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring and (d) pass-thru entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring must include: reviewing financial and performance reports, following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award, issuing a management decision for applicable audit findings pertaining to the Federal award provided to the subrecipient and resolving audit findings specifically related to the subaward. Condition/context: We selected the one subrecipient that the University passed federal funding to during the year ended June 30, 2022. We requested support that the University performed a risk assessment and was monitoring the subrecipient, noting the University did not perform a risk assessment and was not monitoring the subrecipient in accordance with 2 CFR 200.332 (b) or (d).Our sample was not, and was not intended to be, statistically valid.Questioned costs: None.Cause/Effect: The University does not have a clear understanding of the compliance requirements for subrecipient monitoring. The lack of subrecipient monitoring increases the risk that the subrecipient is not using the subaward for authorized purposes, in compliance with Federal statutes, regulations, or the terms and conditions of the subaward.Repeat finding: YesRecommendation: We recommend the University implement internal controls to assess the risk of the subrecipient and properly monitor any subrecipients of the University, such as reviewing single audits, financial and performance reports, or other necessary documentation of the subrecipient entity to help ensure the subrecipient is in compliance.Views of responsible officials and planned corrective actions: In agreement with the auditor?s recommendation of internal controls to properly monitor any subrecipients of the University, such as reviewing financial and performance reports of the subreceipient entity including any single audit reports. Heritage University has finalized the new ?Grant Management Policy & Procedures? manual. The grant management manual section on subrecipient is explicit about the University?s policies and procedures to ensure documentation is maintained.
Federal Awarding Agency: USTreasuryImpact: Significant Deficiency, NoncomplianceAL Number and Title: 21.019 Coronavirus Relief Fund (CRF) ? COVID-19Federal Award Number: SLT0031, SLT0073Applicable Compliance Requirement: Subrecipient MonitoringCondition:DCCED staff did not issue timely management decisions for three of the four CRF single audit findings requiring follow-up during FY 22.Context:Federal regulations require pass-through entities to issue a management decision for audit findings relating to federal awards provided to subrecipients. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the adequacy of the subrecipient?s proposed corrective actions to address the findings.Of the three untimely management decisions, two were issued past the six month requirement and one has not been issued as of the end of FY 22. For the two management decisions issued past the six month requirement, one was two months and the other was 11 months past the requirement as of the end of FY 22.Cause:Due to staff oversight, DCCED?s single audit procedures did not require management decisions to be issued within the six month requirement. Further, the procedures did not require a supervisory review.Criteria:Title 2 CFR 200.332(d)(3) states that pass-through entities? monitoring of subrecipients must include issuing a management decision for audit findings that relate to federal awards provided to subrecipients.Title 2 CFR 200.521(d) states a management decision must be issued within six months of acceptance of the audit report by the federal audit clearinghouse.Effect:The lack of timely management decisions may result in subrecipients not taking appropriate corrective action. Noncompliance with federal regulations may result in the federal awarding agency imposing additional conditions or taking corrective action, including additional reporting requirements.Questioned Costs:NoneRecommendation:DCCED?s DAS director should revise single audit procedures to ensure management decisions are issued within six months. Further, procedures should include adequate supervisory review.Views of Responsible Officials:Management agrees with the finding.
Federal Awarding Agency: USTreasuryImpact: Significant Deficiency, NoncomplianceAL Number and Title: 21.027 SLFRFFederal Award Number: SLFRP0006, SLFRP2633, SLFRP4544Applicable Compliance Requirement: Subrecipient MonitoringCondition:For one of two subrecipients, DCCED staff did not identify all federally required information on the FY 22 SLFRF subaward or conduct a risk assessment.Context:DCCED entered into a contract with the Juneau Economic Development Council (JEDC) to assist in administering the Grants to Tourism and Other Businesses for the Negative Economic Impacts portion of the SLFRF program. Under the contract, JEDC determined eligibility, sent payments to eligible grantees, and provided disbursement reports to DCCED for monitoring. This activity created a subrecipient relationship.The audit reviewed the form used to contract with JEDC and determined that none of the federally required information was included on the form. Additionally, the audit found that a risk assessment was not conducted for JEDC.Cause:Due to staff turnover in the program manager position, JEDC was not initially identified as a subrecipient since a contract was used instead of a grant award document.Criteria:Title 2 CFR 200.303 requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal award.Title 2 CFR 200.332 requires the State to perform annual risk assessments and ensure every subaward includes the required information at the time of the subaward.Effect:Absent risk assessments, subrecipients may not be sufficiently monitored, increasing the risk of inappropriate use of SLFRF monies and noncompliance with federal laws. Not providing the required information in the subaward document increases the risk of subrecipient noncompliance with the terms and conditions of the federal award and could result in the State repaying SLFRF monies to the federal government.Questioned Costs:NoneRecommendation:DCCED?s DAS director should strengthen training of program manager staff to ensure compliance with all subrecipient monitoring requirements applicable to federally funded subawards.Views of Responsible Officials:Management agrees with the finding.
Prior Year Finding: 2021-024Federal Awarding Agency: USEDImpact: Significant Deficiency, NoncomplianceAL Number and Title: 84.425D ESSER ? COVID-1984.425U ARP ESSER Fund ? COVID-19Federal Award Number: S425D210020, S425U210020Applicable Compliance Requirement: Subrecipient MonitoringCondition:DEED staff did not document risk assessments for non-Local Educational Agency (LEA) subrecipients.Context:Prior to the ESSER program, DEED rarely made subawards to entities that were not LEAs. Under the ESSER program DEED must subgrant 90 percent of funding to LEAs. The remaining 10 percent of funding can be allocated by DEED with greater discretion and includes subawards to non-LEAs. DEED staff did not conduct ESSER-specific risk assessments for LEAs. Instead, DEED staff relied on risk assessments performed for a different federal program, which was limited to LEAs.Cause:Risk assessments were not performed for non-LEA subrecipients because DEED utilized a risk assessment created for a different federal program, which only made grants to LEAs. According to DEED staff, formalized monitoring tools for non-LEA subrecipients will be implemented beginning in FY 23.Criteria:Title 2 CFR 200.303(a) requires the State to establish and maintain effective internal control over the federal award that provides reasonable assurance that the State is managing the federal awards in compliance with federal statutes, regulations, and terms and conditions of the grant awards.Title 2 CFR 200.332(b) requires the State to evaluate each subrecipient?s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining appropriate subrecipient monitoring.Effect:Not performing risk assessments and not implementing formalized monitoring tools for all subrecipients could potentially result in inappropriate use of federal awards.Questioned Costs:NoneRecommendation:DEED?s DAS director should update risk assessment and monitoring procedures to include non-LEAs to ensure all ESSER subrecipients receive an appropriate level of monitoring.Views of Responsible Officials:Management agrees with the finding.
Prior Year Finding: 2021-024Federal Awarding Agency: USEDImpact: Significant Deficiency, NoncomplianceAL Number and Title: 84.425D ESSER ? COVID-1984.425U ARP ESSER Fund ? COVID-19Federal Award Number: S425D210020, S425U210020Applicable Compliance Requirement: Subrecipient MonitoringCondition:DEED staff did not document risk assessments for non-Local Educational Agency (LEA) subrecipients.Context:Prior to the ESSER program, DEED rarely made subawards to entities that were not LEAs. Under the ESSER program DEED must subgrant 90 percent of funding to LEAs. The remaining 10 percent of funding can be allocated by DEED with greater discretion and includes subawards to non-LEAs. DEED staff did not conduct ESSER-specific risk assessments for LEAs. Instead, DEED staff relied on risk assessments performed for a different federal program, which was limited to LEAs.Cause:Risk assessments were not performed for non-LEA subrecipients because DEED utilized a risk assessment created for a different federal program, which only made grants to LEAs. According to DEED staff, formalized monitoring tools for non-LEA subrecipients will be implemented beginning in FY 23.Criteria:Title 2 CFR 200.303(a) requires the State to establish and maintain effective internal control over the federal award that provides reasonable assurance that the State is managing the federal awards in compliance with federal statutes, regulations, and terms and conditions of the grant awards.Title 2 CFR 200.332(b) requires the State to evaluate each subrecipient?s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining appropriate subrecipient monitoring.Effect:Not performing risk assessments and not implementing formalized monitoring tools for all subrecipients could potentially result in inappropriate use of federal awards.Questioned Costs:NoneRecommendation:DEED?s DAS director should update risk assessment and monitoring procedures to include non-LEAs to ensure all ESSER subrecipients receive an appropriate level of monitoring.Views of Responsible Officials:Management agrees with the finding.
FINDING 2022-210The Department did not review subrecipient application information for Coronavirus State and Local Fiscal Recovery Funds at a sufficient level to identify missing information from required documentation.Type of Finding: Significant Deficiency, NoncomplianceAssistance Listing Title: Coronavirus State and Local Fiscal Recovery FundsAssistance Listing Number: 21.027Federal Award Number: 20-1982-0-1-806Program Year: March 3, 2021 ? December 31, 2024Federal Agency: Department of TreasuryCompliance Requirement: Subrecipient MonitoringQuestioned Costs: NoneCriteria: The Uniform Guidance included in 2 CFR 200.303 requires that a nonfederal entity receiving federal awards establish and maintain internal controls that provide reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions in the federal award.The Internal Control Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) identifies control activities that help ensure management directives are carried out throughout the operation. Verifications, approvals, and authorizations are all control activities that support this objective.The Uniform Guidance included in 2 CFR 200.332 describes the pass-through entities? responsibility for administering necessary requirements on subrecipients so that the federal award is used in accordance with federal regulations.In addition, 2 CFR 25.300 states that (a) a recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier and (b) a recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier, as described in paragraph (a) of this section.Condition: The Department used Coronavirus State and Local Fiscal Recovery funds to provide financial support to hospitals during the COVID-19 pandemic. The Department was responsible for distributing these funds and created a process for hospitals to apply and receive funding. During testing, we identified 2 applications out of 8 reviewed, or 25 percent, that did not have unique entity identifier numbers attached to the documentation provided for testing, as required by 2 CFR 25.300.Cause: The Department had review procedures in place, but the reviews of subrecipient application documentation failed to detect the absence of unique entity identifier numbers. This number is required as part of the subgranting process.Effect: The Department is exposed to increased risk of improper payments and noncompliance with federal requirements when applications do not meet all requirements for receiving funding.Recommendation: We recommend that the Department design and implement effective internal control procedures to ensure adequate subrecipient applications are completed accurately and in compliance with federal requirements.Management?s View: The Department agrees with this finding.Corrective Action: Corrective action is complete. Internal controls are in place as the Department procurement policy; staff are trained to check SAM.gov on all subrecipients. Additionally, internal forms needed to execute a subrecipient agreement require documentation of the Unique Identifier. If the Unique Identifier field is left blank, the Department Contracts and Procurement Unit will not process the agreement request. This finding was a result of a new process and untrained staff pulled into the rapid dispersal of COVID funds.Auditor?s Concluding Remarks: We thank the Department for its cooperation and assistance throughout the audit.
FINDING 2022-210The Department did not review subrecipient application information for Coronavirus State and Local Fiscal Recovery Funds at a sufficient level to identify missing information from required documentation.Type of Finding: Significant Deficiency, NoncomplianceAssistance Listing Title: Coronavirus State and Local Fiscal Recovery FundsAssistance Listing Number: 21.027Federal Award Number: 20-1982-0-1-806Program Year: March 3, 2021 ? December 31, 2024Federal Agency: Department of TreasuryCompliance Requirement: Subrecipient MonitoringQuestioned Costs: NoneCriteria: The Uniform Guidance included in 2 CFR 200.303 requires that a nonfederal entity receiving federal awards establish and maintain internal controls that provide reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions in the federal award.The Internal Control Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) identifies control activities that help ensure management directives are carried out throughout the operation. Verifications, approvals, and authorizations are all control activities that support this objective.The Uniform Guidance included in 2 CFR 200.332 describes the pass-through entities? responsibility for administering necessary requirements on subrecipients so that the federal award is used in accordance with federal regulations.In addition, 2 CFR 25.300 states that (a) a recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier and (b) a recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier, as described in paragraph (a) of this section.Condition: The Department used Coronavirus State and Local Fiscal Recovery funds to provide financial support to hospitals during the COVID-19 pandemic. The Department was responsible for distributing these funds and created a process for hospitals to apply and receive funding. During testing, we identified 2 applications out of 8 reviewed, or 25 percent, that did not have unique entity identifier numbers attached to the documentation provided for testing, as required by 2 CFR 25.300.Cause: The Department had review procedures in place, but the reviews of subrecipient application documentation failed to detect the absence of unique entity identifier numbers. This number is required as part of the subgranting process.Effect: The Department is exposed to increased risk of improper payments and noncompliance with federal requirements when applications do not meet all requirements for receiving funding.Recommendation: We recommend that the Department design and implement effective internal control procedures to ensure adequate subrecipient applications are completed accurately and in compliance with federal requirements.Management?s View: The Department agrees with this finding.Corrective Action: Corrective action is complete. Internal controls are in place as the Department procurement policy; staff are trained to check SAM.gov on all subrecipients. Additionally, internal forms needed to execute a subrecipient agreement require documentation of the Unique Identifier. If the Unique Identifier field is left blank, the Department Contracts and Procurement Unit will not process the agreement request. This finding was a result of a new process and untrained staff pulled into the rapid dispersal of COVID funds.Auditor?s Concluding Remarks: We thank the Department for its cooperation and assistance throughout the audit.
FINDING 2022-210The Department did not review subrecipient application information for Coronavirus State and Local Fiscal Recovery Funds at a sufficient level to identify missing information from required documentation.Type of Finding: Significant Deficiency, NoncomplianceAssistance Listing Title: Coronavirus State and Local Fiscal Recovery FundsAssistance Listing Number: 21.027Federal Award Number: 20-1982-0-1-806Program Year: March 3, 2021 ? December 31, 2024Federal Agency: Department of TreasuryCompliance Requirement: Subrecipient MonitoringQuestioned Costs: NoneCriteria: The Uniform Guidance included in 2 CFR 200.303 requires that a nonfederal entity receiving federal awards establish and maintain internal controls that provide reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions in the federal award.The Internal Control Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) identifies control activities that help ensure management directives are carried out throughout the operation. Verifications, approvals, and authorizations are all control activities that support this objective.The Uniform Guidance included in 2 CFR 200.332 describes the pass-through entities? responsibility for administering necessary requirements on subrecipients so that the federal award is used in accordance with federal regulations.In addition, 2 CFR 25.300 states that (a) a recipient may not make a subaward to a subrecipient unless that subrecipient has obtained and provided to the recipient a unique entity identifier. Subrecipients are not required to complete full SAM registration to obtain a unique entity identifier and (b) a recipient must notify any potential subrecipients that the recipient cannot make a subaward unless the subrecipient has obtained a unique entity identifier, as described in paragraph (a) of this section.Condition: The Department used Coronavirus State and Local Fiscal Recovery funds to provide financial support to hospitals during the COVID-19 pandemic. The Department was responsible for distributing these funds and created a process for hospitals to apply and receive funding. During testing, we identified 2 applications out of 8 reviewed, or 25 percent, that did not have unique entity identifier numbers attached to the documentation provided for testing, as required by 2 CFR 25.300.Cause: The Department had review procedures in place, but the reviews of subrecipient application documentation failed to detect the absence of unique entity identifier numbers. This number is required as part of the subgranting process.Effect: The Department is exposed to increased risk of improper payments and noncompliance with federal requirements when applications do not meet all requirements for receiving funding.Recommendation: We recommend that the Department design and implement effective internal control procedures to ensure adequate subrecipient applications are completed accurately and in compliance with federal requirements.Management?s View: The Department agrees with this finding.Corrective Action: Corrective action is complete. Internal controls are in place as the Department procurement policy; staff are trained to check SAM.gov on all subrecipients. Additionally, internal forms needed to execute a subrecipient agreement require documentation of the Unique Identifier. If the Unique Identifier field is left blank, the Department Contracts and Procurement Unit will not process the agreement request. This finding was a result of a new process and untrained staff pulled into the rapid dispersal of COVID funds.Auditor?s Concluding Remarks: We thank the Department for its cooperation and assistance throughout the audit.
FINDING 2022-206The Department did not complete required subrecipient monitoring of the Elementary and Secondary School Emergency Relief (ESSER) Fund of the Education Stabilization Fund.Type of Finding: Material Noncompliance, Material WeaknessAssistance Listing Title: Elementary and Secondary School Emergency Relief Fund; Emergency Assistance for Non-Public Schools; ARPA ESSER III; ARPA ESSER - Homeless Children and YouthAssistance Listing Number: 84.425D; 84.425R; 84.425U; 84.425WFederal Award Number: S425D210043; S425D200043; S425R210024; S425U210043; S425W210013Program Year: January 5, 2021 ? September 30, 2023; May 18, 2020 ? September 30, 2022; February 11, 2021 ? September 30, 2023; March 24, 2021 ? September 30, 2024; April 23, 2021 ? September 30, 2024Federal Agency: Department of EducationCompliance Requirement: Subrecipient MonitoringQuestioned Costs: NoneCriteria: The U.S. Code of Federal Regulations (CFR) 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, superseding the Office of Management and Budget (OMB) Circular A-102, Grants and Cooperative Agreements with State and Local Governments, describes the pass-through entity?s responsibility for administering necessary requirements on subrecipients so that the federal award is used in accordance with federal regulations.Specifically, 2 CFR 200.332(d) and 2 CFR 25.200 identify the requirements for the Department as the pass- through entity in providing subawards. This includes communication of certain information, such as the subrecipient?s unique entity identifier and required registration in the System for Award Management (SAM). In addition, the Department must evaluate each subrecipient?s risk of noncompliance with federal statutes and the terms and conditions of the subaward when determining the extent of subrecipient monitoring to be completed to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward, and that the subaward performance goals are achieved. In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, monitoring must include a review of financial and performance reports required by the pass-through entity, follow up on any deficiencies identified in the subrecipient that are detected through audits, on-site reviews and other means, and issuing a management decision for audit findings, as required by 2 CFR 200.521.Finally, 2 CFR 200.303 requires the Department to establish and maintain effective internal control over the federal award that provides reasonable assurance that the Department is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award.Condition: The Department initially received ESSER funding in fiscal year 2021 and integrated ESSER monitoring with the general subrecipient monitoring used for other federal programs. The Department?s 2020- 2021 Monitoring Tool included only one indicator related to the ESSER program and did not adequately address all subrecipient monitoring requirements. However, in fiscal year 2021, the Department determined that the existing monitoring procedures were not robust enough for the additional requirements associated with ESSER subrecipient monitoring and discontinued those procedures without implementing any alternative procedures during fiscal year 2022.This was a finding included in the Single Audit Report for the year ended June 30, 2021, and the Department provided a corrective action plan to monitor subrecipients. However, the Department did not implement the plan until after the audit period, in fiscal year 2023.Cause: The Department realized the current procedures were not sufficient to meet the monitoring requirements of ESSER and indicated a monitoring process specific to the ESSER program compliance requirements was being developed; however, it was not developed in a timely manner to comply with federal requirements.Effect: The Department is not in compliance with subrecipient monitoring requirements. Without adequate monitoring of subrecipients, the Department is exposed to an increased risk of making improper payments for unallowable or unsupported costs.Recommendation: We recommend that the Department implement procedures to ensure compliance with all requirements as a pass-through entity. We also recommend that the Department design and implement effective control procedures to ensure subrecipient monitoring activities are complete and appropriate.Management?s View: The Department agrees with this finding.Corrective Action: It was not until the end of the 2022 legislative session that spending authority was given to the State Department of Education to use ARP ESSER administrative funds to hire additional staff to meet the robust requirements identified by the U.S. Department of Education. Up to that point, only one full-time person was handling all of the needs associated with ESSER funds. Since then, two positions have been hired. The ESSER Data and Reporting Coordinator began in April 2022, and the ESSER Monitoring Coordinator began in June 2022. While developing the monitoring procedures began in July 2022, it was after the audit timeframe. The Department now has in place all ESSER monitoring policies and procedures and will complete year one monitoring before May 5, 2023.Auditor?s Concluding Remarks: We thank the Department for its cooperation and assistance throughout the audit.
FINDING 2022-206The Department did not complete required subrecipient monitoring of the Elementary and Secondary School Emergency Relief (ESSER) Fund of the Education Stabilization Fund.Type of Finding: Material Noncompliance, Material WeaknessAssistance Listing Title: Elementary and Secondary School Emergency Relief Fund; Emergency Assistance for Non-Public Schools; ARPA ESSER III; ARPA ESSER - Homeless Children and YouthAssistance Listing Number: 84.425D; 84.425R; 84.425U; 84.425WFederal Award Number: S425D210043; S425D200043; S425R210024; S425U210043; S425W210013Program Year: January 5, 2021 ? September 30, 2023; May 18, 2020 ? September 30, 2022; February 11, 2021 ? September 30, 2023; March 24, 2021 ? September 30, 2024; April 23, 2021 ? September 30, 2024Federal Agency: Department of EducationCompliance Requirement: Subrecipient MonitoringQuestioned Costs: NoneCriteria: The U.S. Code of Federal Regulations (CFR) 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, superseding the Office of Management and Budget (OMB) Circular A-102, Grants and Cooperative Agreements with State and Local Governments, describes the pass-through entity?s responsibility for administering necessary requirements on subrecipients so that the federal award is used in accordance with federal regulations.Specifically, 2 CFR 200.332(d) and 2 CFR 25.200 identify the requirements for the Department as the pass- through entity in providing subawards. This includes communication of certain information, such as the subrecipient?s unique entity identifier and required registration in the System for Award Management (SAM). In addition, the Department must evaluate each subrecipient?s risk of noncompliance with federal statutes and the terms and conditions of the subaward when determining the extent of subrecipient monitoring to be completed to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward, and that the subaward performance goals are achieved. In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, monitoring must include a review of financial and performance reports required by the pass-through entity, follow up on any deficiencies identified in the subrecipient that are detected through audits, on-site reviews and other means, and issuing a management decision for audit findings, as required by 2 CFR 200.521.Finally, 2 CFR 200.303 requires the Department to establish and maintain effective internal control over the federal award that provides reasonable assurance that the Department is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award.Condition: The Department initially received ESSER funding in fiscal year 2021 and integrated ESSER monitoring with the general subrecipient monitoring used for other federal programs. The Department?s 2020- 2021 Monitoring Tool included only one indicator related to the ESSER program and did not adequately address all subrecipient monitoring requirements. However, in fiscal year 2021, the Department determined that the existing monitoring procedures were not robust enough for the additional requirements associated with ESSER subrecipient monitoring and discontinued those procedures without implementing any alternative procedures during fiscal year 2022.This was a finding included in the Single Audit Report for the year ended June 30, 2021, and the Department provided a corrective action plan to monitor subrecipients. However, the Department did not implement the plan until after the audit period, in fiscal year 2023.Cause: The Department realized the current procedures were not sufficient to meet the monitoring requirements of ESSER and indicated a monitoring process specific to the ESSER program compliance requirements was being developed; however, it was not developed in a timely manner to comply with federal requirements.Effect: The Department is not in compliance with subrecipient monitoring requirements. Without adequate monitoring of subrecipients, the Department is exposed to an increased risk of making improper payments for unallowable or unsupported costs.Recommendation: We recommend that the Department implement procedures to ensure compliance with all requirements as a pass-through entity. We also recommend that the Department design and implement effective control procedures to ensure subrecipient monitoring activities are complete and appropriate.Management?s View: The Department agrees with this finding.Corrective Action: It was not until the end of the 2022 legislative session that spending authority was given to the State Department of Education to use ARP ESSER administrative funds to hire additional staff to meet the robust requirements identified by the U.S. Department of Education. Up to that point, only one full-time person was handling all of the needs associated with ESSER funds. Since then, two positions have been hired. The ESSER Data and Reporting Coordinator began in April 2022, and the ESSER Monitoring Coordinator began in June 2022. While developing the monitoring procedures began in July 2022, it was after the audit timeframe. The Department now has in place all ESSER monitoring policies and procedures and will complete year one monitoring before May 5, 2023.Auditor?s Concluding Remarks: We thank the Department for its cooperation and assistance throughout the audit.
FINDING 2022-206The Department did not complete required subrecipient monitoring of the Elementary and Secondary School Emergency Relief (ESSER) Fund of the Education Stabilization Fund.Type of Finding: Material Noncompliance, Material WeaknessAssistance Listing Title: Elementary and Secondary School Emergency Relief Fund; Emergency Assistance for Non-Public Schools; ARPA ESSER III; ARPA ESSER - Homeless Children and YouthAssistance Listing Number: 84.425D; 84.425R; 84.425U; 84.425WFederal Award Number: S425D210043; S425D200043; S425R210024; S425U210043; S425W210013Program Year: January 5, 2021 ? September 30, 2023; May 18, 2020 ? September 30, 2022; February 11, 2021 ? September 30, 2023; March 24, 2021 ? September 30, 2024; April 23, 2021 ? September 30, 2024Federal Agency: Department of EducationCompliance Requirement: Subrecipient MonitoringQuestioned Costs: NoneCriteria: The U.S. Code of Federal Regulations (CFR) 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, superseding the Office of Management and Budget (OMB) Circular A-102, Grants and Cooperative Agreements with State and Local Governments, describes the pass-through entity?s responsibility for administering necessary requirements on subrecipients so that the federal award is used in accordance with federal regulations.Specifically, 2 CFR 200.332(d) and 2 CFR 25.200 identify the requirements for the Department as the pass- through entity in providing subawards. This includes communication of certain information, such as the subrecipient?s unique entity identifier and required registration in the System for Award Management (SAM). In addition, the Department must evaluate each subrecipient?s risk of noncompliance with federal statutes and the terms and conditions of the subaward when determining the extent of subrecipient monitoring to be completed to ensure that the subaward is used for authorized purposes, in compliance with federal statutes, regulations, and the terms and conditions of the subaward, and that the subaward performance goals are achieved. In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, monitoring must include a review of financial and performance reports required by the pass-through entity, follow up on any deficiencies identified in the subrecipient that are detected through audits, on-site reviews and other means, and issuing a management decision for audit findings, as required by 2 CFR 200.521.Finally, 2 CFR 200.303 requires the Department to establish and maintain effective internal control over the federal award that provides reasonable assurance that the Department is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award.Condition: The Department initially received ESSER funding in fiscal year 2021 and integrated ESSER monitoring with the general subrecipient monitoring used for other federal programs. The Department?s 2020- 2021 Monitoring Tool included only one indicator related to the ESSER program and did not adequately address all subrecipient monitoring requirements. However, in fiscal year 2021, the Department determined that the existing monitoring procedures were not robust enough for the additional requirements associated with ESSER subrecipient monitoring and discontinued those procedures without implementing any alternative procedures during fiscal year 2022.This was a finding included in the Single Audit Report for the year ended June 30, 2021, and the Department provided a corrective action plan to monitor subrecipients. However, the Department did not implement the plan until after the audit period, in fiscal year 2023.Cause: The Department realized the current procedures were not sufficient to meet the monitoring requirements of ESSER and indicated a monitoring process specific to the ESSER program compliance requirements was being developed; however, it was not developed in a timely manner to comply with federal requirements.Effect: The Department is not in compliance with subrecipient monitoring requirements. Without adequate monitoring of subrecipients, the Department is exposed to an increased risk of making improper payments for unallowable or unsupported costs.Recommendation: We recommend that the Department implement procedures to ensure compliance with all requirements as a pass-through entity. We also recommend that the Department design and implement effective control procedures to ensure subrecipient monitoring activities are complete and appropriate.Management?s View: The Department agrees with this finding.Corrective Action: It was not until the end of the 2022 legislative session that spending authority was given to the State Department of Education to use ARP ESSER administrative funds to hire additional staff to meet the robust requirements identified by the U.S. Department of Education. Up to that point, only one full-time person was handling all of the needs associated with ESSER funds. Since then, two positions have been hired. The ESSER Data and Reporting Coordinator began in April 2022, and the ESSER Monitoring Coordinator began in June 2022. While developing the monitoring procedures began in July 2022, it was after the audit timeframe. The Department now has in place all ESSER monitoring policies and procedures and will complete year one monitoring before May 5, 2023.Auditor?s Concluding Remarks: We thank the Department for its cooperation and assistance throughout the audit.