2024-085: Evaluate Subrecipients’ Risk of Noncompliance in Accordance with Federal Regulations Applicable to: Department of Social Services Prior Year Finding Number: 2023-100; 2022-016; 2021-071 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778; Temporary Assistance for Needy Families (TANF) - 93.558; Low-Income Home Energy Assistance Program (LIHEAP) - 93.568 Federal Award Number and Year: 2401VATANF; 2401VALIEA; 2405VA5MAP - 2024 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(b) Known Questioned Costs: $0 Benefit Programs did not confirm that program consultants evaluated each subrecipient’s risk of noncompliance in accordance with federal regulations. Benefit Programs oversees the administration of the Medicaid, SNAP, TANF, and LIHEAP federal grant programs. During fiscal year 2024, Social Services disbursed approximately $660 million in federal funds to roughly 342 subrecipients from 30 federal grant programs. As part of its fiscal year 2024 corrective action efforts, Benefit Programs updated its monitoring plan to include risk assessment and monitoring reviews for both localities and non-localities subrecipients, began performing locality and non-locality risk assessments, and created tracking documents to better manage the subrecipient monitoring process. Additionally, Benefit Programs partnered with program consultants to perform risk assessment procedures. While auditing Benefit Programs’ fiscal year 2024 subrecipient monitoring activities, we noted the following deviations from its subrecipient monitoring plan: Program consultants did not complete non-locality programmatic risk assessments for 219 out of 251 (87%) subawards with payments during the fiscal year. Program consultants did not include adequate justification for why it would not perform a monitoring review during the monitoring period for 83 out of 274 (30%) locality programmatic risk assessments assessed as high or medium risk. Program consultants did not complete 50 out of 324 (15%) locality programmatic risk assessments. Program consultants assessed three of the non-locality subrecipients as moderate risk without an adequate justification of why a monitoring review would not be scheduled for these non-locality subrecipients. Program consultants improperly assessed two of the non-locality subrecipients as low risk even though they had never submitted a Single Audit report to the Clearinghouse. Program consultants did not include a locality programmatic risk assessment that was identified as requiring a targeted monitoring review in their schedule for the fiscal year. Title 2 CFR § 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Without performing the proper risk assessment procedures, Benefit Programs cannot demonstrate that it monitored the activities of the subrecipients as necessary to ensure that the pass-through entities used the subawards for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Benefit Programs was not able to adequately oversee the implementation of its risk assessment processes due to turnover in its subrecipient monitoring coordinator position. Additionally, Social Services’ Compliance Division was not aware of this non-compliance because it was not performing its monitoring responsibilities in accordance with its Agency Monitoring Plan. Benefit Programs should continue to evaluate its resource levels to ensure that it has adequate resources to effectively oversee the execution of its subrecipient monitoring plan. Additionally, Benefit Programs should dedicate the necessary resources to confirm that program consultants complete risk assessment procedures for all of its subrecipients in accordance with its subrecipient monitoring plan. Views of Responsible Officials: The views of responsible officials are included in the report related to their applicable organization, which can be found at www.apa.virginia.gov and, in summary, do not express disagreement with the finding.
2024-086: Confirm Monitoring Activities are Conducted in Accordance with the Monitoring Plan Applicable to: Department of Social Services Prior Year Finding Number: 2023-102; 2022-014 Type of Finding: Internal Control and Compliance Severity of Deficiency: Significant Deficiency Information System Security Control Family: N/A ALPT or Cluster Name and ALN: Medicaid Cluster - 93.775, 93.777, 93.778; Temporary Assistance for Needy Families (TANF) - 93.558; Low-Income Home Energy Assistance Program (LIHEAP) - 93.568 Federal Award Number and Year: 2401VATANF; 2401VALIEA; 2405VA5MAP - 2024 Name of Federal Agency: U.S. Department of Health and Human Services Type of Compliance Requirement - Criteria: Subrecipient Monitoring - 2 CFR § 200.332(d) Known Questioned Costs: $0 Benefit Programs did not confirm that program consultants performed all required subrecipient monitoring activities in accordance with its subrecipient monitoring plan. During fiscal year 2024, Social Services disbursed approximately $660 million in federal funds to roughly 342 subrecipients from 30 federal grant programs. As part of its fiscal year 2024 corrective action efforts, Benefit Programs updated its monitoring plan to include risk assessment and monitoring reviews for both localities and non-localities subrecipients, began performing locality and non-locality risk assessments, and created tracking documents to better manage the subrecipient monitoring process. Further, Benefit Programs partnered with program consultants to execute its subrecipient monitoring activities. While auditing Benefit Programs’ fiscal year 2024 monitoring activities, we noted the following deviations from its subrecipient monitoring plan: Benefit Programs did not confirm program consultants notified the locality timely about the subrecipient monitoring review process. As a result, Benefit Programs did not identify that program consultants did not initiate timely communications for five out of 19 (26%) scheduled locality monitoring reviews. Benefit Programs did not confirm that program consultants fully documented corrective actions taken by its subrecipients in accordance with its subrecipient monitoring plan. As a result, Benefit Programs was not able to provide fully documented corrective action plans for four out of 19 (21%) scheduled locality monitoring reviews. Benefit Programs did not confirm that program consultants uploaded all fiscal year 2024 monitoring review records to its data repository in accordance with its subrecipient monitoring plan. As a result, Benefit Programs was not able to provide complete documentation for three out of 19 (16%) scheduled locality monitoring reviews. Benefit Programs did not confirm that program consultants included the appropriate sampling units, as outlined in its subrecipient monitoring plan. As a result, Benefit Programs did not identify that three out of 19 (16%) locality monitoring reviews had less sampling units than required by its subrecipient monitoring plan. Benefit Programs did not confirm that program consultants performed all scheduled monitoring reviews. As a result, Benefit Programs did not identify that program consultants did not perform a scheduled monitoring review for one out of 19 (5%) of its locality subrecipients. Based on Benefit Programs’ subrecipient monitoring risk assessments, this locality review was necessary due to the presence of risk factors which created a higher risk of non-compliance. Benefit Programs has not fully implemented its non-locality risk assessment and monitoring review processes which caused program consultants to perform only one monitoring review over approximately 251 non-locality subawards with payments during the fiscal year. Title 2 CFR § 200.332(e) requires the pass-through entity to monitor the activities of the subrecipient as necessary to ensure that the subrecipient uses the subaward for authorized purposes in compliance with federal statutes, regulations, and the terms and conditions of the subaward. Without confirming that program consultants conducted monitoring activities in accordance with the monitoring plan, Benefit Programs cannot provide assurance that it complied with federal regulations and potentially places Social Services at risk of disallowed expenditures and/or suspension or termination of its federal awards. Benefit Programs was not able to adequately oversee the execution of monitoring activities because of turnover in its subrecipient monitoring coordinator position. Additionally, Social Services’ Compliance Division was not aware of this non-compliance because it was not performing its monitoring responsibilities in accordance with its Agency Monitoring Plan. Benefit Programs should continue to evaluate its resource levels to ensure that it has adequate resources to effectively oversee the execution of its subrecipient monitoring plan. Additionally, Benefit Programs should dedicate the necessary resources to confirm that program consultants are performing monitoring procedures in accordance with its subrecipient monitoring plan. Views of Responsible Officials: The views of responsible officials are included in the report related to their applicable organization, which can be found at www.apa.virginia.gov and, in summary, do not express disagreement with the finding.
FINDING 2024-001 Subject: Child Nutrition Cluster - Activities Allowed or Unallowed, Allowable Costs/Cost Principles, Special Tests and Provisions - Non-Profit School Food Service Accounts Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program, Summer Food Service Program for Children Assistance Listings Numbers: 10.553, 10.555, 10.559 Federal Award Numbers and Years (or Other Identifying Numbers): SY 2022-2023, SY 2023-2024 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Special Tests and Provisions - Non-Profit School Food Service Accounts Audit Findings: Significant Deficiency, Other Matters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance related to expenditures charged to the food service program fund. Indirect costs are those expenditures that benefit multiple programs, including the Child Nutrition Cluster that can be partially allocated to the program. To charge indirect costs, the School Corporation must apply for an indirect cost rate from the Indiana Department of Education (IDOE) each year. Indirect cost rates are calculated by the IDOE Office of School Finance utilizing the School Corporation's semiannual School Financial Report referred to as the Form 9. The School Corporation performed transfers out of the School Lunch fund for the allocated portion of the food service's utility service costs through the process of an indirect cost calculation performed by the School Corporation for the year ended June 30, 2024. The School Corporation had not applied or received approval from the IDOE to utilize an indirect cost rate. The total amount charged to the School Lunch fund for these costs totaled $275,724 for the year ended June 30, 2024. This amount was considered questioned costs. The lack of internal controls and noncompliance was isolated to the year ended June 30, 2024, and indirect costs noted above. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." INDIANA STATE BOARD OF ACCOUNTS 16 SCHOOL CITY OF MISHAWAKA SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 2 CFR 200.332(b)(4) states: "Indirect cost rate: (i) An approved indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, a pass-through entity must determine the appropriate rate in collaboration with the subrecipient. The indirect cost rate may be either: (A) An indirect cost rate negotiated between the pass-through entity and the subrecipient. These rates may be based on a prior negotiated rate between a different pass-through entity and the subrecipient, in which case the pass-through entity is not required to collect information justifying the rate but may elect to do so; or (B) The de minimis indirect cost rate." Cause A proper system of internal controls was not designed by management of the School Corporation. The School Corporation calculated and charged an indirect cost rate to the food service program but did not seek approval from the IDOE by completing an application to obtain and use an indirect cost rate. Effect Noncompliance with the grant agreement and the compliance requirement resulted in questioned costs and could result in the repayment of federal funds. Questioned Costs Known questioned costs of $275,724 were identified as detailed in the Condition and Context. Recommendation We recommended the School Corporation's management establish a proper system of internal controls to ensure that the disbursements are for the benefit of the school lunch program and comply with the Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Special Tests and Provisions - Non-Profit School Food Service Accounts compliance requirements. INDIANA STATE BOARD OF ACCOUNTS 17 SCHOOL CITY OF MISHAWAKA SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-001 Subject: Child Nutrition Cluster - Activities Allowed or Unallowed, Allowable Costs/Cost Principles, Special Tests and Provisions - Non-Profit School Food Service Accounts Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program, Summer Food Service Program for Children Assistance Listings Numbers: 10.553, 10.555, 10.559 Federal Award Numbers and Years (or Other Identifying Numbers): SY 2022-2023, SY 2023-2024 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Special Tests and Provisions - Non-Profit School Food Service Accounts Audit Findings: Significant Deficiency, Other Matters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance related to expenditures charged to the food service program fund. Indirect costs are those expenditures that benefit multiple programs, including the Child Nutrition Cluster that can be partially allocated to the program. To charge indirect costs, the School Corporation must apply for an indirect cost rate from the Indiana Department of Education (IDOE) each year. Indirect cost rates are calculated by the IDOE Office of School Finance utilizing the School Corporation's semiannual School Financial Report referred to as the Form 9. The School Corporation performed transfers out of the School Lunch fund for the allocated portion of the food service's utility service costs through the process of an indirect cost calculation performed by the School Corporation for the year ended June 30, 2024. The School Corporation had not applied or received approval from the IDOE to utilize an indirect cost rate. The total amount charged to the School Lunch fund for these costs totaled $275,724 for the year ended June 30, 2024. This amount was considered questioned costs. The lack of internal controls and noncompliance was isolated to the year ended June 30, 2024, and indirect costs noted above. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." INDIANA STATE BOARD OF ACCOUNTS 16 SCHOOL CITY OF MISHAWAKA SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 2 CFR 200.332(b)(4) states: "Indirect cost rate: (i) An approved indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, a pass-through entity must determine the appropriate rate in collaboration with the subrecipient. The indirect cost rate may be either: (A) An indirect cost rate negotiated between the pass-through entity and the subrecipient. These rates may be based on a prior negotiated rate between a different pass-through entity and the subrecipient, in which case the pass-through entity is not required to collect information justifying the rate but may elect to do so; or (B) The de minimis indirect cost rate." Cause A proper system of internal controls was not designed by management of the School Corporation. The School Corporation calculated and charged an indirect cost rate to the food service program but did not seek approval from the IDOE by completing an application to obtain and use an indirect cost rate. Effect Noncompliance with the grant agreement and the compliance requirement resulted in questioned costs and could result in the repayment of federal funds. Questioned Costs Known questioned costs of $275,724 were identified as detailed in the Condition and Context. Recommendation We recommended the School Corporation's management establish a proper system of internal controls to ensure that the disbursements are for the benefit of the school lunch program and comply with the Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Special Tests and Provisions - Non-Profit School Food Service Accounts compliance requirements. INDIANA STATE BOARD OF ACCOUNTS 17 SCHOOL CITY OF MISHAWAKA SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-001 Subject: Child Nutrition Cluster - Activities Allowed or Unallowed, Allowable Costs/Cost Principles, Special Tests and Provisions - Non-Profit School Food Service Accounts Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program, Summer Food Service Program for Children Assistance Listings Numbers: 10.553, 10.555, 10.559 Federal Award Numbers and Years (or Other Identifying Numbers): SY 2022-2023, SY 2023-2024 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Special Tests and Provisions - Non-Profit School Food Service Accounts Audit Findings: Significant Deficiency, Other Matters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance related to expenditures charged to the food service program fund. Indirect costs are those expenditures that benefit multiple programs, including the Child Nutrition Cluster that can be partially allocated to the program. To charge indirect costs, the School Corporation must apply for an indirect cost rate from the Indiana Department of Education (IDOE) each year. Indirect cost rates are calculated by the IDOE Office of School Finance utilizing the School Corporation's semiannual School Financial Report referred to as the Form 9. The School Corporation performed transfers out of the School Lunch fund for the allocated portion of the food service's utility service costs through the process of an indirect cost calculation performed by the School Corporation for the year ended June 30, 2024. The School Corporation had not applied or received approval from the IDOE to utilize an indirect cost rate. The total amount charged to the School Lunch fund for these costs totaled $275,724 for the year ended June 30, 2024. This amount was considered questioned costs. The lack of internal controls and noncompliance was isolated to the year ended June 30, 2024, and indirect costs noted above. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." INDIANA STATE BOARD OF ACCOUNTS 16 SCHOOL CITY OF MISHAWAKA SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 2 CFR 200.332(b)(4) states: "Indirect cost rate: (i) An approved indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, a pass-through entity must determine the appropriate rate in collaboration with the subrecipient. The indirect cost rate may be either: (A) An indirect cost rate negotiated between the pass-through entity and the subrecipient. These rates may be based on a prior negotiated rate between a different pass-through entity and the subrecipient, in which case the pass-through entity is not required to collect information justifying the rate but may elect to do so; or (B) The de minimis indirect cost rate." Cause A proper system of internal controls was not designed by management of the School Corporation. The School Corporation calculated and charged an indirect cost rate to the food service program but did not seek approval from the IDOE by completing an application to obtain and use an indirect cost rate. Effect Noncompliance with the grant agreement and the compliance requirement resulted in questioned costs and could result in the repayment of federal funds. Questioned Costs Known questioned costs of $275,724 were identified as detailed in the Condition and Context. Recommendation We recommended the School Corporation's management establish a proper system of internal controls to ensure that the disbursements are for the benefit of the school lunch program and comply with the Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Special Tests and Provisions - Non-Profit School Food Service Accounts compliance requirements. INDIANA STATE BOARD OF ACCOUNTS 17 SCHOOL CITY OF MISHAWAKA SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-001 Subject: Child Nutrition Cluster - Activities Allowed or Unallowed, Allowable Costs/Cost Principles, Special Tests and Provisions - Non-Profit School Food Service Accounts Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program, Summer Food Service Program for Children Assistance Listings Numbers: 10.553, 10.555, 10.559 Federal Award Numbers and Years (or Other Identifying Numbers): SY 2022-2023, SY 2023-2024 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Special Tests and Provisions - Non-Profit School Food Service Accounts Audit Findings: Significant Deficiency, Other Matters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance related to expenditures charged to the food service program fund. Indirect costs are those expenditures that benefit multiple programs, including the Child Nutrition Cluster that can be partially allocated to the program. To charge indirect costs, the School Corporation must apply for an indirect cost rate from the Indiana Department of Education (IDOE) each year. Indirect cost rates are calculated by the IDOE Office of School Finance utilizing the School Corporation's semiannual School Financial Report referred to as the Form 9. The School Corporation performed transfers out of the School Lunch fund for the allocated portion of the food service's utility service costs through the process of an indirect cost calculation performed by the School Corporation for the year ended June 30, 2024. The School Corporation had not applied or received approval from the IDOE to utilize an indirect cost rate. The total amount charged to the School Lunch fund for these costs totaled $275,724 for the year ended June 30, 2024. This amount was considered questioned costs. The lack of internal controls and noncompliance was isolated to the year ended June 30, 2024, and indirect costs noted above. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." INDIANA STATE BOARD OF ACCOUNTS 16 SCHOOL CITY OF MISHAWAKA SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 2 CFR 200.332(b)(4) states: "Indirect cost rate: (i) An approved indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, a pass-through entity must determine the appropriate rate in collaboration with the subrecipient. The indirect cost rate may be either: (A) An indirect cost rate negotiated between the pass-through entity and the subrecipient. These rates may be based on a prior negotiated rate between a different pass-through entity and the subrecipient, in which case the pass-through entity is not required to collect information justifying the rate but may elect to do so; or (B) The de minimis indirect cost rate." Cause A proper system of internal controls was not designed by management of the School Corporation. The School Corporation calculated and charged an indirect cost rate to the food service program but did not seek approval from the IDOE by completing an application to obtain and use an indirect cost rate. Effect Noncompliance with the grant agreement and the compliance requirement resulted in questioned costs and could result in the repayment of federal funds. Questioned Costs Known questioned costs of $275,724 were identified as detailed in the Condition and Context. Recommendation We recommended the School Corporation's management establish a proper system of internal controls to ensure that the disbursements are for the benefit of the school lunch program and comply with the Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Special Tests and Provisions - Non-Profit School Food Service Accounts compliance requirements. INDIANA STATE BOARD OF ACCOUNTS 17 SCHOOL CITY OF MISHAWAKA SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-001 Subject: Child Nutrition Cluster - Activities Allowed or Unallowed, Allowable Costs/Cost Principles, Special Tests and Provisions - Non-Profit School Food Service Accounts Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program, Summer Food Service Program for Children Assistance Listings Numbers: 10.553, 10.555, 10.559 Federal Award Numbers and Years (or Other Identifying Numbers): SY 2022-2023, SY 2023-2024 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Special Tests and Provisions - Non-Profit School Food Service Accounts Audit Findings: Significant Deficiency, Other Matters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance related to expenditures charged to the food service program fund. Indirect costs are those expenditures that benefit multiple programs, including the Child Nutrition Cluster that can be partially allocated to the program. To charge indirect costs, the School Corporation must apply for an indirect cost rate from the Indiana Department of Education (IDOE) each year. Indirect cost rates are calculated by the IDOE Office of School Finance utilizing the School Corporation's semiannual School Financial Report referred to as the Form 9. The School Corporation performed transfers out of the School Lunch fund for the allocated portion of the food service's utility service costs through the process of an indirect cost calculation performed by the School Corporation for the year ended June 30, 2024. The School Corporation had not applied or received approval from the IDOE to utilize an indirect cost rate. The total amount charged to the School Lunch fund for these costs totaled $275,724 for the year ended June 30, 2024. This amount was considered questioned costs. The lack of internal controls and noncompliance was isolated to the year ended June 30, 2024, and indirect costs noted above. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." INDIANA STATE BOARD OF ACCOUNTS 16 SCHOOL CITY OF MISHAWAKA SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 2 CFR 200.332(b)(4) states: "Indirect cost rate: (i) An approved indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, a pass-through entity must determine the appropriate rate in collaboration with the subrecipient. The indirect cost rate may be either: (A) An indirect cost rate negotiated between the pass-through entity and the subrecipient. These rates may be based on a prior negotiated rate between a different pass-through entity and the subrecipient, in which case the pass-through entity is not required to collect information justifying the rate but may elect to do so; or (B) The de minimis indirect cost rate." Cause A proper system of internal controls was not designed by management of the School Corporation. The School Corporation calculated and charged an indirect cost rate to the food service program but did not seek approval from the IDOE by completing an application to obtain and use an indirect cost rate. Effect Noncompliance with the grant agreement and the compliance requirement resulted in questioned costs and could result in the repayment of federal funds. Questioned Costs Known questioned costs of $275,724 were identified as detailed in the Condition and Context. Recommendation We recommended the School Corporation's management establish a proper system of internal controls to ensure that the disbursements are for the benefit of the school lunch program and comply with the Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Special Tests and Provisions - Non-Profit School Food Service Accounts compliance requirements. INDIANA STATE BOARD OF ACCOUNTS 17 SCHOOL CITY OF MISHAWAKA SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-001 Subject: Child Nutrition Cluster - Activities Allowed or Unallowed, Allowable Costs/Cost Principles, Special Tests and Provisions - Non-Profit School Food Service Accounts Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program, Summer Food Service Program for Children Assistance Listings Numbers: 10.553, 10.555, 10.559 Federal Award Numbers and Years (or Other Identifying Numbers): SY 2022-2023, SY 2023-2024 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Special Tests and Provisions - Non-Profit School Food Service Accounts Audit Findings: Significant Deficiency, Other Matters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance related to expenditures charged to the food service program fund. Indirect costs are those expenditures that benefit multiple programs, including the Child Nutrition Cluster that can be partially allocated to the program. To charge indirect costs, the School Corporation must apply for an indirect cost rate from the Indiana Department of Education (IDOE) each year. Indirect cost rates are calculated by the IDOE Office of School Finance utilizing the School Corporation's semiannual School Financial Report referred to as the Form 9. The School Corporation performed transfers out of the School Lunch fund for the allocated portion of the food service's utility service costs through the process of an indirect cost calculation performed by the School Corporation for the year ended June 30, 2024. The School Corporation had not applied or received approval from the IDOE to utilize an indirect cost rate. The total amount charged to the School Lunch fund for these costs totaled $275,724 for the year ended June 30, 2024. This amount was considered questioned costs. The lack of internal controls and noncompliance was isolated to the year ended June 30, 2024, and indirect costs noted above. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." INDIANA STATE BOARD OF ACCOUNTS 16 SCHOOL CITY OF MISHAWAKA SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 2 CFR 200.332(b)(4) states: "Indirect cost rate: (i) An approved indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, a pass-through entity must determine the appropriate rate in collaboration with the subrecipient. The indirect cost rate may be either: (A) An indirect cost rate negotiated between the pass-through entity and the subrecipient. These rates may be based on a prior negotiated rate between a different pass-through entity and the subrecipient, in which case the pass-through entity is not required to collect information justifying the rate but may elect to do so; or (B) The de minimis indirect cost rate." Cause A proper system of internal controls was not designed by management of the School Corporation. The School Corporation calculated and charged an indirect cost rate to the food service program but did not seek approval from the IDOE by completing an application to obtain and use an indirect cost rate. Effect Noncompliance with the grant agreement and the compliance requirement resulted in questioned costs and could result in the repayment of federal funds. Questioned Costs Known questioned costs of $275,724 were identified as detailed in the Condition and Context. Recommendation We recommended the School Corporation's management establish a proper system of internal controls to ensure that the disbursements are for the benefit of the school lunch program and comply with the Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Special Tests and Provisions - Non-Profit School Food Service Accounts compliance requirements. INDIANA STATE BOARD OF ACCOUNTS 17 SCHOOL CITY OF MISHAWAKA SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
Finding 2024-001 – Procurements and Suspension and Debarment Program: Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Federal Agency: U.S. Department of the Treasury Passed Through: N/A – Direct Program Award Year: Fiscal Year 2023-2024 Compliance Requirement: Procurement and Suspension and Debarment Questioned Costs: $0 Criteria Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) §200.303 states that the non- Federal entity (County) must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Per § 200.332, recipients and subrecipients are subject to the procurement and debarment and suspension regulations implementing Executive Orders 12549 and 12689, as well as 2 CFR part 180. The regulations in 2 CFR part 180 restrict making Federal awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from receiving or participating in Federal awards. Condition During our testing of procurement and suspension and debarment, we noted six (6) instances where the County did not keep record for verifying that an entity with which it planned to enter into a covered transaction was not debarred, suspended, or otherwise excluded from receiving or participating in Federal awards. Cause of Condition The County’s existing internal control system is not operating effectively to provide reasonable assurance that procurement procedures in place comply with the procurement requirements related to the program. Repeat Finding No. Effect of Condition There is increased risk of noncompliance with the procurement requirement as set forth in the U.S. Office of Management and Budget (OMB) Compliance Supplement, which can jeopardize future federal funding as well as result in the payback of federal awards. Failure to conduct proper verifications before engaging in a covered transaction with an entity could result in fraud, waste, and abuse of federal funds.Recommendation We recommend the County design and implement internal control activities over the procurement and suspension and debarment compliance requirement under the Uniform Guidance. We also recommend the County keeps adequate records for verifying the contractors receiving federal grant funding were not debarred, suspended, or otherwise excluded from receiving or participating in Federal awards. Management Response and Corrective Action Plan The County has confirmed that the internal procurement process incorporates the verification that contractors are in possession of valid, applicable licenses and are not barred, suspended or otherwise excluded from receiving federal funds prior to engaging in contracted work. Reference to this process has not been regularly documented; going forward, verifications will be documented on the contract review cover sheet to further support the completion of the process. Copies of supporting documentation will be attached, when applicable, to demonstrate eligibility.
Criteria or specific requirement: Per 2 CFR 200.332, all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information listed in 2 CFR 200.332(a)(1) at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Per 2 CFR 200.331(b), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes required award information. A pass-through entity must provide the best available information when some of the information below is unavailable. A pass-through entity must provide the unavailable information when it is obtained. Required information includes: Subrecipient's name, Subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), Federal Award Date, Subaward Period of Performance Start and End Date, Subaward Budget Period Start and End Date, Amount of Federal Funds Obligated in the subaward, Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation, Total Amount of the Federal Award committed to the subrecipient by the pass-through entity, Federal award project description, as required by the Federal Funding Accountability and Transparency Act (FFATA), Name of the Federal agency, pass-through entity, and contact information for awarding official of the pass-through entity, Assistance Listings title and number, Identification of whether the Federal award is for research and development, Indirect cost rate for the Federal award (including if the de minimis rate is used. Per 2 CFR 200.303, non-federal entities receiving federal awards must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Kansas Division of Emergency Management (Management) did not issue subawards to subrecipients until after the fiscal year ended. Questioned costs: None. Context: For 22 of 22 subrecipients selected for testing, Management did not issue subawards until after the fiscal year ended. Cause: 2 CFR 200.332(a) requires subawards to include certain required information to be communicated to subrecipients at the time of the subaward being awarded. The subaward information was not communicated to subrecipients under after the fiscal year ended June 30, 2024, and should have been communicated at the time the subawards were awarded during the fiscal year subject to audit. Effect: Failure to issue subawards timely and to include required federal award information could result in subrecipients not properly administering the federal program in accordance with federal regulations. Repeat Finding: No. Recommendation: We recommend that Management reviews and enhances its internal controls and procedures to ensure that subawards are issued timely to subrecipients, and that subawards that include all required federal award information is communicated at the time of the subaward. Views of responsible officials: Management partially agrees with this finding. Although the 2023 2 CFR § 200.332 does state that the award letters should be sent at the time of the award, there needs to be some reasonableness to the interpretation of this regulation. KDEM currently has 13 open disasters with over 100 open projects and more being written. It is not reasonable to interpret that the award letters be sent on the date that the award is granted. Auditor’s Concluding Remarks: Management’s response did not persuade the auditor to revise the finding. Evidence that the required information per 2 CFR 200.332 being provided to subrecipients at the time of the subawards was not provided.
Criteria or specific requirement: Per 2 CFR 200.332, all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information listed in 2 CFR 200.332(a)(1) at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Per 2 CFR 200.331(b), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes required award information. A pass-through entity must provide the best available information when some of the information below is unavailable. A pass-through entity must provide the unavailable information when it is obtained. Required information includes: Subrecipient's name, Subrecipient's unique entity identifier, Federal Award Identification Number (FAIN), Federal Award Date, Subaward Period of Performance Start and End Date, Subaward Budget Period Start and End Date, Amount of Federal Funds Obligated in the subaward, Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation, Total Amount of the Federal Award committed to the subrecipient by the pass-through entity, Federal award project description, as required by the Federal Funding Accountability and Transparency Act (FFATA), Name of the Federal agency, pass-through entity, and contact information for awarding official of the pass-through entity, Assistance Listings title and number, Identification of whether the Federal award is for research and development, Indirect cost rate for the Federal award (including if the de minimis rate is used. Per 2 CFR 200.303, non-federal entities receiving federal awards must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Kansas Division of Emergency Management (Management) did not issue subawards to subrecipients until after the fiscal year ended. Questioned costs: None. Context: For 22 of 22 subrecipients selected for testing, Management did not issue subawards until after the fiscal year ended. Cause: 2 CFR 200.332(a) requires subawards to include certain required information to be communicated to subrecipients at the time of the subaward being awarded. The subaward information was not communicated to subrecipients under after the fiscal year ended June 30, 2024, and should have been communicated at the time the subawards were awarded during the fiscal year subject to audit. Effect: Failure to issue subawards timely and to include required federal award information could result in subrecipients not properly administering the federal program in accordance with federal regulations. Repeat Finding: No. Recommendation: We recommend that Management reviews and enhances its internal controls and procedures to ensure that subawards are issued timely to subrecipients, and that subawards that include all required federal award information is communicated at the time of the subaward. Views of responsible officials: Management partially agrees with this finding. Although the 2023 2 CFR § 200.332 does state that the award letters should be sent at the time of the award, there needs to be some reasonableness to the interpretation of this regulation. KDEM currently has 13 open disasters with over 100 open projects and more being written. It is not reasonable to interpret that the award letters be sent on the date that the award is granted. Auditor’s Concluding Remarks: Management’s response did not persuade the auditor to revise the finding. Evidence that the required information per 2 CFR 200.332 being provided to subrecipients at the time of the subawards was not provided.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Department of Human Services Department of Labor and Industry Finding 2024 –¬ 009: ALN 93.558 – Temporary Assistance for Needy Families Department of Human Services Did Not Validate Financial Information as Part of Its On-Site Monitoring and the Department of Labor and Industry Did Not Perform Monitoring of Temporary Assistance for Needy Families Subrecipients (A Similar Condition Was Noted in Prior Year Finding 2023-014) Federal Grant Number(s) and Year(s): 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021 – 9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: During the fiscal year ended June 30, 2024, the Department of Human Services (DHS) paid $83.5 million (or 21.9 percent) in Temporary Assistance for Needy Families (TANF) funding to subrecipients within the New Directions, Cash Grants, and Alternatives to Abortion appropriations out of total federal TANF expenditures of $381.0 million reported on the June 30, 2024 Schedule of Expenditures of Federal Awards (SEFA). Our testing of DHS’s during-the-award monitoring of subrecipients for the fiscal year ended June 30, 2024, disclosed that DHS performed on-site monitoring for 16 out of 16 subrecipients selected for testing. The on-site monitoring that was performed consisted of reviews of program operations including design, data entry accuracy and timeliness, and case management analysis. The on-site monitoring also included a review of a sample of TANF recipient case files to ensure that the recipients’ TANF activities were documented and accurately entered in the Commonwealth’s Workforce Development System. However, DHS’s monitoring procedures for the 16 subrecipients were not adequate as they did not include a review or monitoring of subrecipient financial records, which would provide an assessment of a subrecipient’s compliance with applicable federal regulations. Although DHS’s monitoring procedures include reviewing subrecipient completed questionnaires for selected subrecipients that had questions related to financial matters, DHS’s monitoring personnel did not review subrecipient financial records. For example, DHS did not perform procedures to ensure subrecipient invoices agreed to the books and records of the subrecipient and that the records were adequate to support the allowability of costs paid by DHS during the award period. In addition, DHS’s monitoring procedures did not include an evaluation of the operating effectiveness of DHS subrecipients’ procedures to monitor Single Audits and any related findings. Our testing also included follow-up on one subrecipient identified in the prior year finding as not being on-site monitored by DHS when the risk assessment warranted on-site monitoring. Our follow-up during the current audit period disclosed that DHS did not conduct on-site monitoring for this subrecipient during the fiscal year ended June 30, 2024. Since the on-site monitoring was not completed, internal control weaknesses, noncompliance, and questioned costs may have existed and remained undetected during the current audit period. This subrecipient received $500 thousand of TANF funds during the fiscal year ended June 30, 2024. During the fiscal year ended June 30, 2024, the Department of Labor and Industry (L&I) paid $27.1 million in TANF funding to subrecipients within the Youth Employment and Training (E&T) appropriation (or 7.1 percent) out of total federal TANF expenditures of $381.0 million reported on the June 30, 2024 SEFA. Our testing of L&I’s during-the-award monitoring of subrecipients for the fiscal year ended June 30, 2024, disclosed that L&I did not perform on-site monitoring or desk reviews for seven out of seven subrecipients selected for testing. Finding 2024 –¬ 009: (continued) Criteria: 45 CFR Section 75.352, Requirements for pass-through entities, states: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521 [Management decision]. 2 CFR Section 200.332, Requirements for pass-through entities, states in part: A pass-through entity must: (f) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (c) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; (2) Performing site visits to review the subrecipient's program operations; and (3) Arranging for agreed-upon-procedures engagements as described in §200.425 [Audit services]. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: DHS considered how financial monitoring might be incorporated into on-site monitoring procedures, but updated procedures were not in place for monitoring conducted during the fiscal year ended June 30, 2024. Therefore, DHS has not implemented adequate during-the-award monitoring procedures of subrecipients to include testing of the financial records and the subrecipients’ monitoring of Single Audits sufficient to ensure compliance with federal regulations. L&I recognized the need to perform during-the-award monitoring procedures for TANF funds passed through for the Youth E&T program, but the updated procedures were not in place for monitoring conducted during the fiscal year ended June 30, 2024. Effect: TANF subrecipients could be operating in noncompliance with federal regulations without timely detection and correction by DHS and L&I management. Recommendation: DHS and L&I should strengthen controls to ensure during-the-award monitoring is being performed for all TANF subrecipients and that the monitoring includes procedures to ensure that subrecipients are in compliance with applicable federal regulations. This should include examining subrecipients’ financial records and ensuring that all required Single Audits were obtained by DHS and L&I subrecipients. Finding 2024 –¬ 009: (continued) DHS Response: DHS agrees with this finding. L&I Response: L&I concurs with this finding. TANF Youth Development Program (TANF YDP) operations transitioned from the Bureau of Workforce Development Administration (BWDA) to the Bureau of Workforce Partnerships and Operations (BWPO) in January 2023. Due to this transition, BWPO did not conduct on site monitoring of the TANF YDP program in program year 2023. BWPO did begin on site monitoring in program year 2024 on a limited basis as a pilot with 3 local areas in September of 2024. BWPO plans to expand monitoring efforts in 2025. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 ¬– 015: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 15.252 – Abandoned Mine Land Reclamation (AMLR) ALN 21.027 – COVID 19 – Coronavirus State and Local Fiscal Recovery Funds ALN 84.425C – COVID 19 – Education Stabilization Fund – GEER Fund ALN 84.425D – COVID 19 – Education Stabilization Fund – ESSER Fund ALN 84.425R – COVID 19 – Education Stabilization Fund – CRRSA EANS Program ALN 84.425U – COVID 19 – Education Stabilization Fund – ARP ESSER ALN 84.425V – COVID 19 – Education Stabilization Fund – ARP EANS Program ALN 84.425W – COVID 19 – Education Stabilization Fund – ARP ESSER HCY ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2023-024) Federal Grant Number(s) and Year(s): 228PA100I1003 (6/13/2022 – 6/30/2025), 231PA445Q2204 (10/01/2022 – 9/30/2023), 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), S18AF20004 (11/01/2017 – 10/31/2025), S19AF20004 (12/01/2018 – 11/30/2025), S21AF10015 (1/01/2021 – 12/31/2023), S22AF00017 (1/01/2022 – 12/31/2024), S23AF00002 (11/01/2022 – 10/31/2027), TN75GJE1S7G3 (3/03/2021 – 12/31/2024), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021– 9/30/2024), S425D210028 (1/05/2021 – 9/30/2024), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2024), S425V210037 (11/16/2021 – 9/30/2024), S425C210013 (3/13/2020 – 9/30/2024), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), 2101PATANF (10/01/2020 – 9/30/2021), 2201PATANF (10/01/2021 – 9/30/2022), 2301PATANF (10/01/2022 – 9/30/2023), 2401PATANF (10/01/2023 – 9/30/2024), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), 2301PATANF (10/01/2022 – 9/30/2024), 2401PATANF (10/01/2023 – 9/30/2025) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters for Abandoned Mine Land Reclamation (AMLR), Temporary Assistance for Needy Families, Coronavirus State and Local Fiscal Recovery Funds, and Social Services Block Grant Material Weakness in Internal Control over Compliance, Material Noncompliance for Food Distribution Cluster, Education Stabilization Fund, and Aging Cluster Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Acceptance date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance Finding 2024 ¬– 015: (continued) audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2024 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2023 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2024. We also evaluated the Commonwealth’s review of 45 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2024 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 17.6 months to over 18 months after the FAC Acceptance date for two out of two audit reports with findings. There was also a delay in PDOA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 8.7 months to over 16 months after the FAC Acceptance date for four out of four audit reports with findings. • Department of Education (PDE): The time period for making a management decision on findings was approximately 7.8 months to over 12 months after the FAC Acceptance date for seven out of 22 audit reports with findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 11.6 months to over 12 months after the FAC Acceptance date for two out of two audit reports with findings. Our testing disclosed for the two late audit reports, DEP made management decisions timely. However, DEP did not notify the subrecipients of the management decisions within the required six month time period after the audit reports FAC Acceptance date. • Department of Human Services (DHS): The time period for making a management decision on findings was approximately 7.2 months after the FAC Acceptance date for one out of two audit reports with findings. Our testing disclosed for the one late audit report DHS made a management decision timely. However, DHS did not notify the subrecipient of the management decision within the required six month time period after the audit reports FAC Acceptance date. Criteria: 2 CFR §200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: Finding 2024 ¬– 015: (continued) (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR §200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR §200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR §200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. 2 CFR §200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. Finding 2024 ¬– 015: (continued) (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Finding 2024 ¬– 015: (continued) Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (6) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, and untimely review of the SEFA or alternate procedures be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. Finding 2024 ¬– 015: (continued) DHS Response: DHS agrees that there was an exception where human error caused a management decision on one single audit report to be issued untimely; in this instance, the decision itself was made timely but was not communicated in a timely manner. DHS disagrees that an isolated incident due to human error signifies a weakness in internal controls. This was not a systemic issue and therefore should not have been considered a significant deficiency in internal controls, and DHS should not have been included in this finding. Auditors’ Conclusion: The agency responses from PDOA, PDA, PDE, and DEP indicate agreement with the finding. DHS agrees that an error occurred resulting in untimely submission of one management decision, DHS disagrees that the error represents a significant deficiency. We acknowledge the error occurred due to an oversight and is not a systemic error, however, the error resulted in noncompliance with one of two audit reports that required timely management decisions. We will evaluate corrective action in the subsequent audit. The finding remains as stated. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2024 –¬ 014: ALN 10.565, 10.568, 10.569 – Food Distribution Cluster ALN 93.044, 93.045, 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) ALN 93.558 – Temporary Assistance for Needy Families ALN 93.667 – Social Services Block Grant ALN 93.788 – Opioid STR State Agencies Did Not Identify the Federal Award Information and Applicable Requirements at the Time of the Subaward and Did Not Evaluate Each Subrecipient’s Risk of Noncompliance as Required by the Uniform Grant Guidance (A Similar Condition Was Noted in Prior Year Finding 2023-023) Federal Grant Number(s) and Year(s): 231PA825Y8005 (10/01/2022 – 9/30/2023), 231PA825Y8105 (10/01/2022 – 9/30/2023), 231PA445Q2204 (10/01/2022 – 9/30/2023), 241PA825Y8005 (10/01/2023 – 9/30/2024), 241PA825Y8105 (10/01/2023 – 9/30/2024), 228PA100I1003 (6/13/2022 – 6/30/2025), 238PA000I1003 (5/25/2023 – 6/30/2025), 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD (10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 2401PAOACM (10/01/2023 – 9/30/2025), 2401PAOAHD (10/01/2023 – 9/30/2025), 2401PAOANS (10/01/2023 – 9/30/2025), 2401PAOASS (10/01/2023 – 9/30/2025), NU50CK000527 (8/01/2019 – 7/31/2026), 2401PATANF (10/01/2023 – 9/30/2024), 2301PATANF (10/01/2022 – 9/30/2023), 2201PATANF (10/01/2021-9/30/2022), 2101PATANF (10/01/2020 – 9/30/2021), 2301PASOSR (10/01/2022 – 9/30/2024), 2401PASOSR (10/01/2023 – 9/30/2025), H79TI083297 (9/30/2021 – 9/29/2023), H79TI085783 (9/30/2022 – 9/29/2024) Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Compliance Requirement: Subrecipient Monitoring Condition: The Uniform Guidance in 2 CFR Section 200 applies to the major programs listed above for the fiscal year ended June 30, 2024. Our testing disclosed that the Pennsylvania Department of Human Services (DHS), the Pennsylvania Department of Drug and Alcohol Programs (DDAP), and the Pennsylvania Department of Labor and Industry (L&I) did not identify the federal award information and applicable requirements in subrecipient award documents. Additionally, the Pennsylvania Department of Agriculture (PDA), Pennsylvania Department of Aging (PDOA), Pennsylvania Department of Health (DOH), and DHS did not adequately evaluate each subrecipient’s risk of noncompliance for the purpose of determining the appropriate subrecipient monitoring related to the subaward. This represents an internal control weakness which could cause subrecipients to be improperly informed of federal award information and may result in inadequate monitoring by the state agencies. Also, it could cause the omission or improper identification of program expenditures on subrecipients’ Schedules of Expenditures of Federal Awards (SEFAs). The following chart shows which federal award information required by 2 CFR Section 200 was omitted (as indicated by “No”) from the subrecipient award documents at the time of the subaward and which major programs did not have a state agency evaluation of each subrecipient’s risk of noncompliance. Finding 2024 –¬ 014: (continued) SEE SCHEDULE OF FINDINGS AND QUESTIONED COSTS FOR CHART/TABLE (The cells with a hyphen in the table indicate that the federal award information was included in the subrecipient award documents or was not applicable for the respective major program.) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: Finding 2024 –¬ 014: (continued) (1) Federal Award Identification. (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal Award date in section 200.1) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity, including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the pass-through entity; (xii) Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F [Audit Requirements] of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency) Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should identify, analyze, and respond to risks related to achieving the defined objectives. Management should identify, analyze, and respond to significant changes that could impact the internal control system. Cause: In general, DHS’s, L&I’s, and DDAP’s processes for subrecipient award monitoring did not identify the omission of required elements from the grant awards. In addition, the risk assessments performed by PDA, PDOA, DOH, and DHS were not properly documented or not performed. Effect: Excluding the federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete SEFAs in their Single Audit reports submitted to the Commonwealth, and federal funds may not be properly audited at the subrecipient level in accordance with the Single Audit Act and Uniform Guidance. Not evaluating each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward may result in subrecipients using the subaward for unauthorized purposes or in violation of the terms and conditions of the subaward, and state agency monitoring would not detect this noncompliance and ensure it is corrected in a timely manner. Finding 2024 –¬ 014: (continued) Recommendation: DHS, L&I, and DDAP should develop policies and reporting mechanisms to ensure all required federal award information is disseminated to all subrecipients at the time of the subaward to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. In addition, DHS, DDAP, and L&I should correspond with applicable subrecipients to ensure they are aware of the correct federal award information and review applicable subaward documents prior to issuance to ensure federal information is complete and accurate. PDA, PDOA, DOH, and DHS should implement procedures to adequately document their evaluation of each subrecipient’s risk of noncompliance as cited in 2 CFR Section 200.332 for purposes of determining the appropriate subrecipient monitoring related to the subaward. DHS Response: DHS agrees with the finding. DOH Response: DOH agrees with the finding. PDA Response: PDA agrees with the finding. PDOA Response: PDOA agrees with the finding. DDAP Response: DDAP agrees with the concern indicated in this finding regarding not identifying the federal award information and applicable requirements in subrecipient award documents. The Department contracts with 47 Single County Authorities (SCAs) through 5-year grant agreements. These grant agreements may not have all of the required federal award information pursuant to 2 CFR 200.332 when the agreement is executed. DDAP understands the need to develop policies to ensure all required federal award information is disseminated to all subrecipients. Going forward, the Department will send a separate notification to all subrecipients once all federal award information has been identified to ensure subrecipient compliance with the Uniform Guidance in 2 CFR Section 200 and other applicable federal regulations. L&I Response: L&I considered the required elements outlined in 2 CFR Section 200.332 when designing the template for its subaward documents. The template included a specific section to list the Federal Awarding Agency; however, upon execution of the TANF subaward documents, L&I inadvertently entered incorrect data into this field. The result was that while a Federal Agency was listed in the contract, it was not the Federal Awarding Agency that provided the TANF funding. Upon being made aware of the error, L&I immediately corrected and disseminated the corrected information to the sub-recipients through the Commonwealth Workforce Development System. L&I agrees that at the time of award the name of the Federal Awarding Agency that provided the TANF funding was not included in the subaward documents. Questioned Costs: The amount of questioned costs cannot be determined.
CONDITION The State Treasurer's Office did not make subrecipients aware of all required grant award information for the Mineral Leasing Act. CRITERIA 2 CFR 200.332 requires pass-through entities to communicate specific required information to subrecipients. Required information includes: - Subrecipients name (Must match the name associated with its unique entity identifier) - Subrecipients unique entity identifier - Federal award identification number (FAIN) - Federal award date - Subaward period of performance start and end date - Amount of Federal funds obligated in the subaward - Total amount of Federal funds obligated to the subrecipient by the pass-through entity, including the current financial obligation - Total amount of the Federal award committed to the subrecipient by the pass-through entity - Federal award project description, as required by the Federal Funding Accountability and Transparency Act (FFATA) - Name of the Federal agency, pass-through entity, and contact information for awarding official of the pass-through entity - Assistance listings title and number; the pass-through entity must identify the dollar amount made available under each federal award and the Assistance listings number at the time of disbursement - Identification of whether the Federal award is for research and development - Indirect cost rate for the Federal award (including if the de minimis rate is used) - All requirements of the subaward, including requirements imposed by federal statutes, regulations, and the terms and condition of the Federal award 2 CFR 200.303 requires non-Federal entities, in part, to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. CAUSE Not all grant agreement requirements were included in the grant award template. EFFECT Subrecipients may not have been aware of all necessary grant information and requirements. CONTEXT There were 40 awards during the audit period of 7/1/2022 - 6/30/2024. There were 8 awards tested with 8 errors noted. The following criteria were missing: - (ii) Subrecipient's unique entity identifier; - (iii) Federal Award Identification Number (FAIN); - (xiii) Identification of whether the award is R&D; and - (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. - (4) (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the pass-through entity must determine the appropriate rate in collaboration with the subrecipient, which is either: (A) The negotiated indirect cost rate between the pass-through entity and the subrecipient; which can be based on a prior negotiated rate between a different PTE and the same subrecipient. If basing the rate on a previously negotiated rate, the pass-through entity is not required to collect information justifying this rate, but may elect to do so; (B) The de minimus indirect cost rate. (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. Subrecipients can elect to use the cost allocation method to account for indirect costs in accordance with § 200.405(d). - (6) Appropriate terms and conditions concerning closeout of the subaward. Where sampling was performed, the audit used a non-statistical sampling method. IDENTIFICATION AS A REPEAT FINDING Not a repeat finding. RECOMMENDATION We recommend the State Treasurer's Office update its grant award templates to ensure that subrecipients are made award of all required grant award information. STATE TREASURER’S OFFICE RESPONSE The Office of the State Treasurer does agree with finding that our grant award template did not make subrecipients aware of all required grant award information for the Mineral Leasing Act as required. See “Management’s Response and Corrective Action” section of this report.
CONDITION The Department of Public Instruction did not make subrecipients aware of all required grant award information for the Special Education Cluster, Title 1, Supporting Effective Instruction, Child and Adult Care Food Program, and Education Stabilization Fund. CRITERIA 2 CFR 200.332 requires pass-through entities to communicate specific required information to subrecipients. Required information includes: - Subrecipients name (Must match the name associated with its unique entity identifier) - Subrecipients unique entity identifier - Federal award identification number (FAIN) - Federal award date - Subaward period of performance start and end date - Amount of Federal funds obligated in the subaward - Total amount of Federal funds obligated to the subrecipient by the pass-through entity, including the current financial obligation - Total amount of the Federal award committed to the subrecipient by the pass-through entity - Federal award project description, as required by the Federal Funding Accountability and Transparency Act (FFATA) - Name of the Federal agency, pass-through entity, and contact information for awarding official of the pass-through entity - Assistance listings title and number; the pass-through entity must identify the dollar amount made available under each federal award and the Assistance listings number at the time of disbursement - Identification of whether the Federal award is for research and development - Indirect cost rate for the Federal award (including if the de minimis rate is used) - All requirements of the subaward, including requirements imposed by federal statutes, regulations, and the terms and condition of the Federal award 2 CFR 200.303 requires non-Federal entities, in part, to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. CAUSE Not all grant agreement requirements were entered into the grant award template. EFFECT Subrecipients may not have been aware of all necessary grant information and requirements. CONTEXT The number of grant agreements during the audit period is listed below. A. Special Education Cluster - 134 awards - 14 tested with 10 errors noted The following criteria were missing or incorrect: - Total amount of the Federal award committed to the subrecipient by the pass-through entity B. Title I program - 276 awards - 25 tested with 16 errors noted The following criteria were missing or incorrect: - Total amount of the Federal award committed to the subrecipient by the pass-through entity C. Supporting Effective Instruction - 278 awards - 25 tested with 21 errors noted The following criteria were missing or incorrect: - Subrecipients unique entity identifier - Federal award date - Federal award Identification Number (FAIN) - Total amount of the Federal award committed to the subrecipient by the pass-through entity D. Child and Adult Care Food Program - 134 awards - 14 tested with 2 errors noted The following criteria were missing or incorrect: - Subrecipients unique entity identifier - 1 subrecipient did not have a grant contract E. Education Stabilization Fund - 641 awards - 40 tested with 10 errors noted The following criteria were missing or incorrect: - Subrecipient name (1 sample did not have the correct subrecipient name on the grant award) - Subrecipients unique entity identifier (2 did not match the Subrecipient name on grant award) - Federal award date (8 awards did not have this) - Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity (6 awards did not include Name of Federal Awarding Agency (Dept of Education) on grant award) Where sampling was performed, the audit used a non-statistical sampling method. IDENTIFICATION AS A REPEAT FINDING Finding 2022-024 was reported in the immediate prior year. The prior audit finding was reported as implemented on the summary schedule of prior audit findings. This materially misrepresents the status of the finding. RECOMMENDATION We recommend the Department of Instruction update its grant award templates to ensure that subrecipients are made award of all required grant award information DEPARTMENT OF PUBLIC INSTRUCTION RESPONSE The Department of Public Instruction agrees with the finding. See “Management’s Response and Corrective Action” section of this report.
CONDITION The Department of Public Instruction did not make subrecipients aware of all required grant award information for the Special Education Cluster, Title 1, Supporting Effective Instruction, Child and Adult Care Food Program, and Education Stabilization Fund. CRITERIA 2 CFR 200.332 requires pass-through entities to communicate specific required information to subrecipients. Required information includes: - Subrecipients name (Must match the name associated with its unique entity identifier) - Subrecipients unique entity identifier - Federal award identification number (FAIN) - Federal award date - Subaward period of performance start and end date - Amount of Federal funds obligated in the subaward - Total amount of Federal funds obligated to the subrecipient by the pass-through entity, including the current financial obligation - Total amount of the Federal award committed to the subrecipient by the pass-through entity - Federal award project description, as required by the Federal Funding Accountability and Transparency Act (FFATA) - Name of the Federal agency, pass-through entity, and contact information for awarding official of the pass-through entity - Assistance listings title and number; the pass-through entity must identify the dollar amount made available under each federal award and the Assistance listings number at the time of disbursement - Identification of whether the Federal award is for research and development - Indirect cost rate for the Federal award (including if the de minimis rate is used) - All requirements of the subaward, including requirements imposed by federal statutes, regulations, and the terms and condition of the Federal award 2 CFR 200.303 requires non-Federal entities, in part, to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. CAUSE Not all grant agreement requirements were entered into the grant award template. EFFECT Subrecipients may not have been aware of all necessary grant information and requirements. CONTEXT The number of grant agreements during the audit period is listed below. A. Special Education Cluster - 134 awards - 14 tested with 10 errors noted The following criteria were missing or incorrect: - Total amount of the Federal award committed to the subrecipient by the pass-through entity B. Title I program - 276 awards - 25 tested with 16 errors noted The following criteria were missing or incorrect: - Total amount of the Federal award committed to the subrecipient by the pass-through entity C. Supporting Effective Instruction - 278 awards - 25 tested with 21 errors noted The following criteria were missing or incorrect: - Subrecipients unique entity identifier - Federal award date - Federal award Identification Number (FAIN) - Total amount of the Federal award committed to the subrecipient by the pass-through entity D. Child and Adult Care Food Program - 134 awards - 14 tested with 2 errors noted The following criteria were missing or incorrect: - Subrecipients unique entity identifier - 1 subrecipient did not have a grant contract E. Education Stabilization Fund - 641 awards - 40 tested with 10 errors noted The following criteria were missing or incorrect: - Subrecipient name (1 sample did not have the correct subrecipient name on the grant award) - Subrecipients unique entity identifier (2 did not match the Subrecipient name on grant award) - Federal award date (8 awards did not have this) - Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity (6 awards did not include Name of Federal Awarding Agency (Dept of Education) on grant award) Where sampling was performed, the audit used a non-statistical sampling method. IDENTIFICATION AS A REPEAT FINDING Finding 2022-024 was reported in the immediate prior year. The prior audit finding was reported as implemented on the summary schedule of prior audit findings. This materially misrepresents the status of the finding. RECOMMENDATION We recommend the Department of Instruction update its grant award templates to ensure that subrecipients are made award of all required grant award information DEPARTMENT OF PUBLIC INSTRUCTION RESPONSE The Department of Public Instruction agrees with the finding. See “Management’s Response and Corrective Action” section of this report.
CONDITION The Department of Public Instruction did not make subrecipients aware of all required grant award information for the Special Education Cluster, Title 1, Supporting Effective Instruction, Child and Adult Care Food Program, and Education Stabilization Fund. CRITERIA 2 CFR 200.332 requires pass-through entities to communicate specific required information to subrecipients. Required information includes: - Subrecipients name (Must match the name associated with its unique entity identifier) - Subrecipients unique entity identifier - Federal award identification number (FAIN) - Federal award date - Subaward period of performance start and end date - Amount of Federal funds obligated in the subaward - Total amount of Federal funds obligated to the subrecipient by the pass-through entity, including the current financial obligation - Total amount of the Federal award committed to the subrecipient by the pass-through entity - Federal award project description, as required by the Federal Funding Accountability and Transparency Act (FFATA) - Name of the Federal agency, pass-through entity, and contact information for awarding official of the pass-through entity - Assistance listings title and number; the pass-through entity must identify the dollar amount made available under each federal award and the Assistance listings number at the time of disbursement - Identification of whether the Federal award is for research and development - Indirect cost rate for the Federal award (including if the de minimis rate is used) - All requirements of the subaward, including requirements imposed by federal statutes, regulations, and the terms and condition of the Federal award 2 CFR 200.303 requires non-Federal entities, in part, to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. CAUSE Not all grant agreement requirements were entered into the grant award template. EFFECT Subrecipients may not have been aware of all necessary grant information and requirements. CONTEXT The number of grant agreements during the audit period is listed below. A. Special Education Cluster - 134 awards - 14 tested with 10 errors noted The following criteria were missing or incorrect: - Total amount of the Federal award committed to the subrecipient by the pass-through entity B. Title I program - 276 awards - 25 tested with 16 errors noted The following criteria were missing or incorrect: - Total amount of the Federal award committed to the subrecipient by the pass-through entity C. Supporting Effective Instruction - 278 awards - 25 tested with 21 errors noted The following criteria were missing or incorrect: - Subrecipients unique entity identifier - Federal award date - Federal award Identification Number (FAIN) - Total amount of the Federal award committed to the subrecipient by the pass-through entity D. Child and Adult Care Food Program - 134 awards - 14 tested with 2 errors noted The following criteria were missing or incorrect: - Subrecipients unique entity identifier - 1 subrecipient did not have a grant contract E. Education Stabilization Fund - 641 awards - 40 tested with 10 errors noted The following criteria were missing or incorrect: - Subrecipient name (1 sample did not have the correct subrecipient name on the grant award) - Subrecipients unique entity identifier (2 did not match the Subrecipient name on grant award) - Federal award date (8 awards did not have this) - Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity (6 awards did not include Name of Federal Awarding Agency (Dept of Education) on grant award) Where sampling was performed, the audit used a non-statistical sampling method. IDENTIFICATION AS A REPEAT FINDING Finding 2022-024 was reported in the immediate prior year. The prior audit finding was reported as implemented on the summary schedule of prior audit findings. This materially misrepresents the status of the finding. RECOMMENDATION We recommend the Department of Instruction update its grant award templates to ensure that subrecipients are made award of all required grant award information DEPARTMENT OF PUBLIC INSTRUCTION RESPONSE The Department of Public Instruction agrees with the finding. See “Management’s Response and Corrective Action” section of this report.